THIS APP WORKS ON SPLUNK ENTERPRISE AND LIGHT - BUT NOT UNIVERSAL/LIGHT FORWARDERS

Doesnt work on Universal Forwarders / Light Forwarders
Requires Splunk's built in Python 2.7 and OpenSSL binaries / libraries
Tested on Windows, OSX 10.11.5, and Generic Linux
Installation Instructions

1st - Install the app, and restart Splunk
2nd - Configure the app by opening the app and navigating to setup
- Specify a host, index, and interval / cron schedule
- Unselect disabled
- Specify comma separated list of ssl certificates to monitor
- Click save
3rd - Restart Splunk or reload scripted inputs (./splunk reload exec)
4th - Setup your own Splunk searches, alerts, dashboards over index=indexName cert=*

Troubleshooting:

Be sure the python scripts in /bin are executable ("chmod +x /path/to/ssl_checker/bin/.py")
Be sure to restart Splunk after configuration (Enables scripted inputs)
Check for logged errors ("index=_internal log_level=err OR log_level=warn ssl_checker")
Contact the author via contact link here on splunkbase or by tagging @jkat54 on answers.splunk.com


Change Log v4.0.2:
-Updated example dashboard
-Fixed bug in setup.xml

Change Log v4.0.1:
Successfully implemented python3 compatibility

Change Log v4.0:
Failed attempt at python3 compatiblity


Change Log v3.1:

Fixed issue with certs on caPaths not being correctly detected in automated detection mode
Added better Instructions to setup.xml
Removed index name from "Certificate Expiration Overview" dashboard underlying search

Change Log v3.0:

Added Automatic Discovery Mode
Added Certificate Expiration Overview dashboard
Changed default CRON schedules to 0 0 * * from * * * *

Change Log v2.0:

Added ssl.conf file & REST endpoints for managing SSL certificates
Added props.conf to force DATETIME_CONFIG = CURRENT
Added setup.xml for enabling inputs and setting paths to certificates on both Window & Linux systems
Changed interval to every minute on all inputs but they are disabled by default

Change Log v1.01:

Disabled inputs by default
Changed interval to 0 0 * * * on all inputs
Disabled logging of duplicate data to _internal index via splunk.mining.dcutil
