
Tripwire Enterprise isn’t just a change detection and compliance tool. The core ability to execute commands on agent boxes and network devices, capture the results and run the results through a series of tests can be applied to other use cases, as well. These use cases are limited only by the imagination of the user. One such use case is certificate management.

A couple of years back, I was assigned a consulting engagement to write a custom report for a customer. The engagement was scheduled for two weeks, but because of the quality of data, the contracted deliverable took just 3 days. The customer opted to continue the engagement, hoping to glean extra value-add in the remaining days.

During the course of that next week, the customer informed me that they were looking to purchase a $70,000 software package for certificate management and wondered if Tripwire Enterprise could deliver the functionality they needed instead. So, I asked why they were looking into certificate management.

He explained that they had a retail website and one particular weekend, they had four certificates expire on them as the dates weren’t being tracked. This caused the retail site to be unavailable and was a massive inconvenience to their customers and their revenue stream. They were looking for a solution to notify them when certs were due to expire within 30 days, so they could be proactive instead of reactive.

They asked me to concentrate on Windows, so I spent a couple of days developing a couple of PowerShell scripts to capture the name and expiration date of every certificate, in all five trust stores, whose expiration date fell within 30 days before or after the current date. Here is a sample:

powershell.exe "dir cert:\LocalMachine\Root -Recurse | where-object {$_.notafter -le ((get-date).AddDays(30)) -and $_.notafter -gt ((get-date).AddDays(-30))} | Sort-Object notafter | format-table notafter,subject -AutoSize"
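Here is a parameterized version of the same check, added as an illustration rather than the script from the engagement; the function name, the store list (the post does not name the five stores it scanned) and the summary line format are my assumptions. It walks several machine stores at once, reports how many days each certificate has left (negative for ones that have already lapsed), and prints a single summary line first so a test run over the captured output, as a Tripwire policy test would be, has one token to evaluate.

```powershell
# Added example, not the post's script: list certificates in the given machine stores
# whose NotAfter date falls within a window around today, with days remaining, so a
# test run over the captured output (as a Tripwire policy test would be) can key on
# the EXPIRED / EXPIRING SOON status or on the summary line.
function Get-ExpiringCertificate {
    [CmdletBinding()]
    param(
        # Assumed store list; the post does not name the five stores it scanned.
        [string[]]$StorePath = @('Cert:\LocalMachine\My', 'Cert:\LocalMachine\Root',
                                 'Cert:\LocalMachine\CA', 'Cert:\LocalMachine\TrustedPublisher'),
        [int]$DaysBefore = 30,   # report certificates that expired up to this many days ago
        [int]$DaysAfter  = 30    # report certificates expiring within this many days
    )
    $now   = Get-Date
    $start = $now.AddDays(-$DaysBefore)
    $end   = $now.AddDays($DaysAfter)

    foreach ($path in $StorePath) {
        if (-not (Test-Path -Path $path)) { Write-Warning "Store not found: $path"; continue }
        Get-ChildItem -Path $path -Recurse |
            Where-Object { -not $_.PSIsContainer -and $_.NotAfter -gt $start -and $_.NotAfter -le $end } |
            ForEach-Object {
                # Negative DaysRemaining means the certificate has already expired.
                $daysLeft = [int][math]::Floor(($_.NotAfter - $now).TotalDays)
                $status   = if ($daysLeft -lt 0) { 'EXPIRED' } else { 'EXPIRING SOON' }
                [pscustomobject]@{
                    Status        = $status
                    DaysRemaining = $daysLeft
                    NotAfter      = $_.NotAfter
                    Subject       = $_.Subject
                    Thumbprint    = $_.Thumbprint
                    Store         = $path
                }
            }
    }
}

# Sort by expiry and print one summary line first so a policy test has a single
# token to evaluate, then the detail table for the person who receives the alert.
$findings = @(Get-ExpiringCertificate | Sort-Object NotAfter)
$expired  = @($findings | Where-Object { $_.Status -eq 'EXPIRED' }).Count
"CERTS_IN_WINDOW=$($findings.Count) EXPIRED=$expired"
$findings | Format-Table Status, DaysRemaining, NotAfter, Subject, Store -AutoSize
```

Saved as a .ps1 and launched from the rule the same way as the one-liner above, it yields output where a test can simply check that EXPIRED=0 and that CERTS_IN_WINDOW is zero, rather than parsing dates out of a table.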

I then wrote COCR (Command Output Capture Rule) rules to execute the scripts.


The policy tests then executed on the captured COCR element content, testing the content for date evaluation.

Here is a sample test:


Tripwire had saved them $70,000 in first-year costs for a new tool. The customer was so elated and grateful for the results that he was literally in tears thanking me as I left the site for the last time.

The Tripwire Enterprise engine can be used for many out-of-the-box solutions for customers. This is just one of those stories.