I decided to rewrite my PKI Notify GUI using WPF instead of WinForms. The functionality remains the same. it is a pair of powershell scripts to keep track of certificate expiration and CRL expiration in a PKI.
PKInotifyGUI will show a form to fill in with your infrastructure settings:
- CA names an servernames
- path of the CRL distribution
- certificate templates to check
- SMTP settings and warning threshold for sending the emails
PKInotifyCLI will connect to the CDP and CAs given in the form and fill a SQLite database with the CRL's and certificates info.
The idea is to schedule pkinotifyCLI once of twice per week and manually execute pkinotifiyGUI to manipulate all the information.
Then you can exclude the certificates which are not in production (in use) and add granular email notifications if needed.
This comment has been removed by a blog administrator.
ReplyDelete