ADFS Certificate expiration notification job - single-sign-on

I have over 20 applications utilizing ADFS SSO authentication. Last year the token signing certificate expired and I went through the whole sky is falling - chasing down 3rd party vendors to schedule the refreshing of the metadata files to try to make the transition to the new cert as seamless as possible. I have already added calendar reminders 3+ months before their next expiration but I would like to be a little bit more prepared and have a job/script that runs and sends me an email when the certificate is 90+ days from expiration. Does anyone know of or have a script that could accomplish that? Also, is there a way I could do the same per RPT signature certs? I currently have most if not all set to automatically update but would like the notification anyway if possible.

There are a few around e.g. this.
"This script will query AD FS certificates (via Get-AdfsCertificate) and Relying Party Trust certificates (via Get-AdfsRelyingPartyTrust) and check if the certificates expire within a user-defined threshold (or the default 30 days if not specified). It will then output details about expiring certificates, and, optionally, send an alert email."
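
A minimal version of the check that answer describes, as an added example (it is not the linked script and not part of the original posts). The SMTP server and mail addresses are placeholders, and the 90-day default follows the question rather than the quoted script's 30 days.

```powershell
#Requires -Modules ADFS
# Added example: run on an AD FS server, e.g. from a daily scheduled task.
param(
    [int]$ThresholdDays = 90,                          # alert window asked for in the question
    [string]$SmtpServer = 'smtp.example.com',          # placeholder
    [string]$To         = 'adfs-admins@example.com',   # placeholder
    [string]$From       = 'adfs-monitor@example.com'   # placeholder
)

$now    = Get-Date
$cutoff = $now.AddDays($ThresholdDays)
$report = @()

# AD FS service certificates (Token-Signing, Token-Decrypting, Service-Communications)
foreach ($c in Get-AdfsCertificate) {
    $report += [pscustomobject]@{
        Source     = 'AD FS'
        Name       = "$($c.CertificateType) (primary: $($c.IsPrimary))"
        Thumbprint = $c.Certificate.Thumbprint
        NotAfter   = $c.Certificate.NotAfter
        DaysLeft   = [int]($c.Certificate.NotAfter - $now).TotalDays
        AutoUpdate = $null
    }
}

# Relying party trust certificates: encryption plus request-signing (may be empty)
foreach ($rp in Get-AdfsRelyingPartyTrust) {
    $certs = @($rp.EncryptionCertificate) + @($rp.RequestSigningCertificate) | Where-Object { $_ }
    foreach ($cert in $certs) {
        $report += [pscustomobject]@{
            Source     = 'Relying party'
            Name       = $rp.Name
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
            DaysLeft   = [int]($cert.NotAfter - $now).TotalDays
            AutoUpdate = $rp.AutoUpdateEnabled   # trusts that refresh from federation metadata
        }
    }
}

# Already-expired certificates have NotAfter before the cutoff too, so they are reported.
$expiring = @($report | Where-Object { $_.NotAfter -le $cutoff } | Sort-Object NotAfter)
if ($expiring.Count -gt 0) {
    $body = $expiring | Format-Table -AutoSize | Out-String
    Send-MailMessage -SmtpServer $SmtpServer -From $From -To $To -Body $body `
        -Subject "AD FS: $($expiring.Count) certificate(s) expire within $ThresholdDays days"
}
$expiring   # also emit the rows so the scheduled task's output can be logged
```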

Related

Server certificate change issue for Huawei PushKit Uplink message

Currently, if you want to apply "Uplink message sending" for your apps in Huawei PushKit, you must provide a URL and its HTTPS certificate.
If the certificate gets expired or changed, an update is needed for the uplink to keep working.
However, the issue gets serious when the number of apps becomes relatively large. This would make the update process difficult.
Is there any way to apply the uplink message without worrying about the certificate change over time?
Is there a reason that Huawei does not try to get the certificate of the passed URL itself and check it periodically and update it?
Thanks in advance
Is there any way to apply the uplink message without worrying about the certificate change over time?
How many apps do you have and how frequently do you change your server certificate? According to the instruction here, it is just a matter of changing the URL and uploading the PEM file. Per Shirley's suggestion, the developer server monitors the certificate validity period and will remind you to update the certificate before it expires.
Sign in to AppGallery Connect.
Select My projects, find your project from the project list, and click the app for which you need to send messages.
Go to Grow > Push Kit > Settings. Find Receive uplink message and click Enable.
Set Destination URL and HTTPS certificate (in PEM format).
Is there a reason that Huawei does not try to get the certificate of the passed URL itself and check it periodically and update it?
Huawei AppGallery Connect treats security and communication seriously so it is important to make sure that the developer follows the security best practice to update their own HTTPS URL & certificate.
Is there any way to apply the uplink message without worrying about the certificate change over time?
If the uplink message fails to be sent, the device will receive an error code. After receiving the error code, the device instructs the device to update the certificate. Alternatively, the developer server monitors the certificate validity period and reminds you to update the certificate before it expires.
Is there a reason that Huawei does not try to get the certificate of the passed URL itself and check it periodically and update it?
To meet security compliance requirements, Huawei must check the validity of certificates.

Order of Certificates in Windows Popup

So when you go to a site via Internet Explorer/Chrome that requires a certificate (such as from a smart card), is there any way to change the order of the certificates displayed?
I've found it's based on expiration date, however all 3 expire at the same time.
Mostly this is to force users to select the correct cert which is not displayed right away but instead forces them to go to more choices...

How can I edit keystore File? expand expiry date of certificate?

I have lots of questions to ask about Keystore. I googled a lot but couldn't find a proper answer about keystore. I have created an application and I accidentally set the expiry date too soon (a small figure), and I have uploaded my application to the Play Store. So, my question is: what happens after the expiration date? 1. Users can't download the application? 2. Will I not be able to export with the signing certificate? If I am able to export the application, then can I upload it to the Play Store? Does the Play Store accept an application with an expired certificate?
So I want to edit only the expiry date of the keystore file certificate. How can I do that?
And once I have added validity (years): 800, what does it mean? 800 years? Days? After that I got an expiry date of 20 Dec 28. What is the calculation of the expiry date here?
I have placed an image so it will be easy to understand what I am talking about.
The time you enter there is the expiry date in years. Google Play Store only allows you to use a certificate that is signed for AT LEAST 25 years.
Check this link for more information:
http://developer.android.com/tools/publishing/app-signing.html

iOS Configuration Profile Expiration

We are building an iOS OTA Enrollment system in our IT.
After reading the Apple docs, I could not find a reference on how to set an expiration date on the Configuration Profile installed on the device.
My motivation is to create an expiration date on profiles that I am going to install based on the device owner (they have to log in before I install it).
Is there a way to control how long the Configuration Profile is valid for?
The configuration Profile has 2 keys:
RemovalDate
DurationUntilRemoval
Which takes a date or duration in seconds respectively, which when satisfied, will remove the profile. But maybe that wasn't what you're looking for?
The Configuration Profile supports the key "PayloadExpirationDate".
You can set the expiration date in the profile, and after the expiration, a new button inside the profile will appear to update the profile manually.
You can see the documentation in the following link:
https://developer.apple.com/library/ios/featuredarticles/iPhoneConfigurationProfileRef/Introduction/Introduction.html
Also, the Apple documentation "Over-the-Air Profile Delivery Concepts" says
Upon receiving the final encrypted profile, the device installs it.
Reconfiguration occurs automatically if the profile expires or if
a VPN connection attempt fails.
However, I wasn't able to update the profile, not manually and not automatically.
As far as I know, there is no way to control the expiration date.

Wait or revoking an iPhone expiring certificate?

In my iOS Provisioning Portal Current Development Certificates section, the certificate expiry date is Sep 30, 2010. Today is Sep 30, 2010. Should I wait for the certificate to expire and renew? Or should I revoke the existing one and create a new certificate?
Currently, the Ad Hoc Provisioning Profile has expired. No matter how many times I click the Renew button next to it, the status will become Expired. This means the app on all my beta testers' machines stops running and I cannot send a new version to them before a good Certificate is issued.
Thanks!
You can renew certificates before they expire, and this is typically a good idea. There's really nothing to be gained by letting them go, except (a) if you're not actively using them, you save a few steps and (b) a few days before expiration, next year.
However, for normal use, you just renew them a week or two before they expire.