Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass OnGuard Health Check local Certificate

  • 1.  Clearpass OnGuard Health Check local Certificate

    Posted 14 days ago

    Hi there,

    I'm requesting some guidance to be able to check the presence of a local certificate in the Windows machine certificate store under the "Personal/Certificates" folder.

    The cert is provided by the ADCS with auto enroll fully configured and I would like to check the expiration date and if the cert's subject is matching the machine FQDN.

    I did not see anything specific in the health check options to do this, so I'm guessing... custom script?

    Has anyone managed to do something like that?

    Many Thanks



  • 2.  RE: Clearpass OnGuard Health Check local Certificate

    EMPLOYEE
    Posted 11 hours ago

    I think a custom script would be possible.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: Clearpass OnGuard Health Check local Certificate

    Posted 11 hours ago

    Yes, I agree, but I wrote a PowerShell script like this with no success, and no luck finding out if what I return is appropriate (if I follow the doc I would say yes). Any advice on this would be great:

    # Get the machine FQDN to compare with the certificate subject
    $PCFQDN = [System.Net.Dns]::GetHostByName($env:computerName).HostName;
    # Issuing CA (placeholder DN)
    $CA = "CN=xxxxx, DC=xxxx, DC=xxxx";
    # Threshold definition (days the cert must still be valid)
    $Threshold = 0;
    # Deadline
    $deadline = (Get-Date).AddDays($Threshold);
    # Exit code 65 (failure) by default
    $OutVar1 = 65;
    # Get all the certificates from the machine's personal store
    [System.Object[]]$Certs = Get-ChildItem -Path Cert:\LocalMachine\My;
    # Loop through each certificate and check the relevant properties
    if ($Certs -ne $null) {
        foreach ($Cert in $Certs) {
            # -match takes a regex: escape the FQDN and the CA DN, otherwise an
            # unescaped '.' matches any character and the DN is not compared literally
            # Determine if the cert subject contains the machine FQDN
            if ($Cert.Subject -match [regex]::Escape($PCFQDN)) {
                # Check if the issuer is correct
                if ($Cert.Issuer -match [regex]::Escape($CA)) {
                    # Check the expiration date
                    if ($Cert.NotAfter -gt $deadline) {
                        # exit code 0 is success
                        $OutVar1 = 0;
                    }
                }
            }
        }
    }
    Exit $OutVar1;




  • 4.  RE: Clearpass OnGuard Health Check local Certificate

    EMPLOYEE
    Posted 7 hours ago

    Did you add it as custom script for the OS type/version that you use?

    Do you see the script output in the OnGuard status for the client?

    The output value seems fine and can be any number. You can output additional information (just print as standard command output) in the form: Attribute=Value, which you then can pick up in your Custom Onguard script definition, like:

    (You can also use JSON instead of Attribute=Value.)



    ------------------------------
    Herman Robers
    ------------------------------
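Putting replies 3 and 4 together, here is an added example (not code from the thread, not Aruba's or HPE's) of a machine-certificate health check that sets the exit code the way reply 3 does and also prints Attribute=Value lines on standard output, which reply 4 says the custom script definition can pick up. The issuer DN is a placeholder for your ADCS issuing CA; the attribute names (MachineCert*) and the 30-day renewal threshold are assumptions chosen for this example and must match whatever you configure in ClearPass.

```powershell
# Added example, not from the thread: OnGuard custom-script style machine
# certificate check. Exit code 0 = healthy, 65 = unhealthy (as in reply 3),
# plus Attribute=Value lines on stdout (as described in reply 4).
# Assumptions: issuer DN placeholder, attribute names and threshold chosen here.

$ExpectedIssuer = "CN=ISSUING-CA-PLACEHOLDER, DC=example, DC=local"   # placeholder
$MinDaysLeft    = 30                                                  # assumed threshold

# FQDN of this machine, to be compared with the certificate subject CN
$Fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
$Now  = Get-Date

# Keep only certificates from the expected CA whose subject CN is the machine
# FQDN and that are inside their validity period. -eq and -like compare
# literals/wildcards, so dots and commas in the DN are not regex metacharacters.
$Candidates = @(
    Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object {
            $_.Issuer -eq $ExpectedIssuer -and
            $_.Subject -like "CN=$Fqdn*" -and
            $_.NotBefore -le $Now -and
            $_.NotAfter  -gt $Now
        } |
        Sort-Object -Property NotAfter -Descending
)

$exitCode = 65           # failure unless a usable certificate is found
$present  = $Candidates.Count -gt 0
$daysLeft = -1
$thumb    = "none"

if ($present) {
    # After auto-renewal there may be two valid certs; judge the longest-lived one
    $Best     = $Candidates[0]
    $daysLeft = [math]::Floor(($Best.NotAfter - $Now).TotalDays)
    $thumb    = $Best.Thumbprint
    if ($daysLeft -ge $MinDaysLeft) { $exitCode = 0 }
}

# Attribute=Value lines for the ClearPass custom-script health check
$presentText = if ($present) { "true" } else { "false" }
Write-Output "MachineCertPresent=$presentText"
Write-Output "MachineCertSubjectIsFqdn=$presentText"
Write-Output "MachineCertDaysLeft=$daysLeft"
Write-Output "MachineCertThumbprint=$thumb"

Exit $exitCode
```

To test it outside OnGuard, run it with `powershell -ExecutionPolicy Bypass -File check-cert.ps1` and then inspect `$LASTEXITCODE` alongside the printed lines; a machine without an ADCS certificate should print MachineCertPresent=false and exit 65. Reading Cert:\LocalMachine\My only needs read access to the store, so the script does not have to run elevated.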