Solved: SSL Certificate

Amiir-89 · ‎06-26-2024

Hey All
I have downloaded the app SSL Certificate lookup

I using this search to see information about the certificate, but it gives me no information.

| makeresults
| eval dest="example.com"
| mvexpand dest
| lookup sslcert_lookup dest OUTPUT ssl_subject_common_name ssl_subject_alt_name ssl_end_time ssl_validity_window
| eval ssl_subject_alt_name = split(ssl_subject_alt_name,"|")
| eval days_left = round(ssl_validity_window/86400)

the domain is using port 8441

When i add for example splunk.com it works but not the one i want to see.

What is wrong in the search, or what should i add?

Thanks in advance

aaryan · ‎06-27-2024

Please try this if you want to add the port.

| makeresults
| eval dest="example.com", dest_port=8441
| lookup sslcert_lookup dest dest_port OUTPUT ssl_subject_common_name ssl_subject_alt_name ssl_end_time ssl_validity_window
| eval ssl_subject_alt_name = split(ssl_subject_alt_name,"|")
| eval days_left = round(ssl_validity_window/86400)

View solution in original post

aaryan · ‎06-27-2024

Please try this if you want to add the port.

| makeresults
| eval dest="example.com", dest_port=8441
| lookup sslcert_lookup dest dest_port OUTPUT ssl_subject_common_name ssl_subject_alt_name ssl_end_time ssl_validity_window
| eval ssl_subject_alt_name = split(ssl_subject_alt_name,"|")
| eval days_left = round(ssl_validity_window/86400)

SSL Certificate

using Splunk Enterprise

OpenTelemetry for Legacy Apps? Yes, You Can!

UCC Framework: Discover Developer Toolkit for Building Technology Add-ons

.conf25 Community Recap

Are you a member of the Splunk Community?

SSL Certificate

using Splunk Enterprise

OpenTelemetry for Legacy Apps? Yes, You Can!

UCC Framework: Discover Developer Toolkit for Building Technology Add-ons

.conf25 Community Recap