Some certificate such as NDES server Intuned SSL and Server  certificate are manually requested, we need to monitor its validity period. We can use powershell and PRTG to do this.

Some facts about the PRTG:

  • In the PRTG folder C:\Program Files (x86)\PRTG Network Monitor\Custom Sensors\EXE
  • It only returns integer value, not string. so we calculate the days until it expire and store it in variable $daysToExpire


Create below powershell script, save it as Cert_less_than_30_days.ps1 in on PRTG host:

The hashed echo lines are used for debugging.


#we create a new object by using the x509Store .NET class to open the machine certificate store. We store this object in the $store variable

$store = New-Object System.Security.Cryptography.X509Certificates.x509Store("\\NPS01.your.domain\My", "LocalMachine")

#we open the store to access the certificates inside


$dateOfToday = Get-Date
foreach ($Cert in $store.Certificates){

    # echo $cert.NotAfter.ToShortDateString()
    $daysToExpire = NEW-TIMESPAN –Start $dateOfToday –End $cert.NotAfter
    # echo $daysToExpire.Days

    if (($cert.NotAfter -le (get-date).AddDays(30)) -and ($cert.NotAfter -ge (get-date)) -and ($cert.Subject -match "NPS01")){

        write-host $daysToExpire.Days,":Cert is Expiring!"

    }elseif($cert.NotAfter -le (get-date)){

        write-host $daysToExpire.Days,":Cert is Expired!!!"

        write-host $daysToExpire.Days,":OK"




##change "" into the server FQDN

##Change 30 into the date of the validity remain when you want the warning to be issued.

##Change NPS01 into the keyword included in the friendly name of the cert.

In PRTG, create a Custom Sensors > EXE/Script > click dropdown after EXE/Script, select Cert_less_than_30_days.ps1.

And setup windows local admin account under the device setting.

Value type: integer.

Security Context: Use Windows Credentials of parent device.


Click Create. Then after the first fresh, go to the sensor settings. Click Channel Settings next to Sensor settings.  Click Value (ID2), Tick Enable Alerting based on limits.

  • Lower Warning Limit: select 3
  • Lower Error Limit: select 2
  • Error Limit Message: Cert is expired
  • Warning Limit Message: Cert is expiring.