Xymon Mailing List Archive

RDP TLS cert monitoring

Grant Taylor
Fri, 25 Oct 2024 15:38:09 -0500
Message-Id: <user-a6ee28df299c@xymon.invalid>

On 9/25/24 8:26 PM, Jeremy Laidman wrote:
> I'd be surprised if you couldn't use https://<IP>:3389/ and get some kind of useful result.

I can get useful information with the following OpenSSL commands:

    openssl s_client -connect <IP>:3389 0</dev/null 2>/dev/null | openssl x509 -noout -subject -startdate -enddate

> You can use the "ssl" keyword in protocols.cfg and that checks the certificate. Something like this:
>
> [rdps]
>          port 3389
>          options ssl
>          send "QUIT\r\n"
>
> The "send" line is not necessary, but it lets the RDP endpoint close the session, and might avoid error logs being added to the event logs.

Your rdps protocol idea worked out PERFECTLY!

Xymon showed that the system I found the expired cert on was good.  But as soon as I asked it to monitor an additional host, it found that the additional host's TLS cert expired 47 days ago.  <facePALM>

Sorry for the delay getting back to this thread.


-- 
Grant. . . .
unix || die
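
An added example, not part of the original thread: it turns the output of the `openssl x509 -noout -subject -startdate -enddate` pipeline quoted above into a status colour and a days-remaining figure. The thresholds, function names and sample certificate data are assumptions made for this example.

```python
import ssl
import sys
from datetime import datetime, timezone

# Assumed thresholds in days for this example; set them to your own policy.
WARN_DAYS, ALARM_DAYS = 30, 10

# Constructed sample of `openssl x509 -noout -subject -startdate -enddate` output.
SAMPLE_EXPIRED = """subject=CN = rdp-host.example.invalid
notBefore=Sep  9 00:00:00 2023 GMT
notAfter=Sep  8 00:00:00 2024 GMT
"""

def parse_x509_fields(text):
    """Collect the subject/notBefore/notAfter lines into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() in ("subject", "notBefore", "notAfter"):
            fields[key.strip()] = value.strip()
    return fields

def check_cert(text, now=None):
    """Return (color, days_left, subject); days_left is negative once expired."""
    now = now or datetime.now(timezone.utc)
    fields = parse_x509_fields(text)
    if "notAfter" not in fields:
        # Empty pipeline output: the handshake failed or no certificate was sent.
        return ("red", None, None)
    expiry = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(fields["notAfter"]), timezone.utc)
    days_left = (expiry - now).days  # timedelta.days floors toward negative infinity
    if days_left < ALARM_DAYS:
        color = "red"
    elif days_left < WARN_DAYS:
        color = "yellow"
    else:
        color = "green"
    return (color, days_left, fields.get("subject"))

if __name__ == "__main__":
    # With piped input, read the openssl output; otherwise use the sample.
    text = SAMPLE_EXPIRED if sys.stdin.isatty() else sys.stdin.read()
    color, days_left, subject = check_cert(text)
    print(f"{color}: {subject} days_left={days_left}")
    sys.exit(0 if color == "green" else 1)
```

Piping the openssl command from the message into this script gives a non-zero exit status for anything other than green, which makes it usable from cron or a wrapper script.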