Hey All
I have downloaded the app SSL Certificate lookup
I using this search to see information about the certificate, but it gives me no information.
| makeresults
| eval dest="example.com"
| mvexpand dest
| lookup sslcert_lookup dest OUTPUT ssl_subject_common_name ssl_subject_alt_name ssl_end_time ssl_validity_window
| eval ssl_subject_alt_name = split(ssl_subject_alt_name,"|")
| eval days_left = round(ssl_validity_window/86400)
the domain is using port 8441
When i add for example splunk.com it works but not the one i want to see.
What is wrong in the search, or what should i add?
Thanks in advance
Please try this if you want to add the port.
| makeresults
| eval dest="example.com", dest_port=8441
| lookup sslcert_lookup dest dest_port OUTPUT ssl_subject_common_name ssl_subject_alt_name ssl_end_time ssl_validity_window
| eval ssl_subject_alt_name = split(ssl_subject_alt_name,"|")
| eval days_left = round(ssl_validity_window/86400)
Please try this if you want to add the port.
| makeresults
| eval dest="example.com", dest_port=8441
| lookup sslcert_lookup dest dest_port OUTPUT ssl_subject_common_name ssl_subject_alt_name ssl_end_time ssl_validity_window
| eval ssl_subject_alt_name = split(ssl_subject_alt_name,"|")
| eval days_left = round(ssl_validity_window/86400)