From ce618d289b8239d7c4396b34d2c334f2cead6acf Mon Sep 17 00:00:00 2001 From: AndyButland Date: Mon, 5 Jun 2017 16:43:17 +0200 Subject: [PATCH] Extended HttpsCheck healthcheck to check for expiring SSL certificate --- src/Umbraco.Web.UI/umbraco/config/lang/en.xml | 4 +- .../umbraco/config/lang/en_us.xml | 4 +- .../HealthCheck/Checks/Security/HttpsCheck.cs | 42 ++++++++++++++++--- 3 files changed, 42 insertions(+), 8 deletions(-) diff --git a/src/Umbraco.Web.UI/umbraco/config/lang/en.xml b/src/Umbraco.Web.UI/umbraco/config/lang/en.xml index d99cd8f43f..22a97054e4 100644 --- a/src/Umbraco.Web.UI/umbraco/config/lang/en.xml +++ b/src/Umbraco.Web.UI/umbraco/config/lang/en.xml @@ -1474,8 +1474,10 @@ To manage your website, simply open the Umbraco back office and start adding con Media - Total XML: %0%, Total: %1%, Total invalid: %2% Content - Total XML: %0%, Total published: %1%, Total invalid: %2% - Your site certificate was marked as valid. + Your website's certificate is valid. Certificate validation error: '%0%' + Your website's SSL certificate has expired. + Your website's SSL certificate is expiring in %0% days. Error pinging the URL %0% - '%1%' You are currently %0% viewing the site using the HTTPS scheme. The appSetting 'umbracoUseSSL' is set to 'false' in your web.config file. Once you access this site using the HTTPS scheme, that should be set to 'true'. diff --git a/src/Umbraco.Web.UI/umbraco/config/lang/en_us.xml b/src/Umbraco.Web.UI/umbraco/config/lang/en_us.xml index 63fc12101f..1847892530 100644 --- a/src/Umbraco.Web.UI/umbraco/config/lang/en_us.xml +++ b/src/Umbraco.Web.UI/umbraco/config/lang/en_us.xml 
@@ -1469,8 +1469,10 @@ To manage your website, simply open the Umbraco back office and start adding con Media - Total XML: %0%, Total: %1%, Total invalid: %2% Content - Total XML: %0%, Total published: %1%, Total invalid: %2% - Your site certificate was marked as valid. + Your website's certificate is valid. Certificate validation error: '%0%' + Your website's SSL certificate has expired. + Your website's SSL certificate is expiring in %0% days. Error pinging the URL %0% - '%1%' You are currently %0% viewing the site using the HTTPS scheme. The appSetting 'umbracoUseSSL' is set to 'false' in your web.config file. Once you access this site using the HTTPS scheme, that should be set to 'true'. diff --git a/src/Umbraco.Web/HealthCheck/Checks/Security/HttpsCheck.cs b/src/Umbraco.Web/HealthCheck/Checks/Security/HttpsCheck.cs index 4e2dc4f8f5..b50fc99a6e 100644 --- a/src/Umbraco.Web/HealthCheck/Checks/Security/HttpsCheck.cs +++ b/src/Umbraco.Web/HealthCheck/Checks/Security/HttpsCheck.cs @@ -1,6 +1,7 @@ using System; using System.Collections.Generic; using System.Net; +using System.Security.Cryptography.X509Certificates; using System.Web; using Umbraco.Core.IO; using Umbraco.Core.Services; @@ -53,7 +54,7 @@ namespace Umbraco.Web.HealthCheck.Checks.Security private HealthCheckStatus CheckForValidCertificate() { var message = string.Empty; - var success = false; + StatusResultType result; var url = HealthCheckContext.HttpContext.Request.Url; // Attempt to access the site over HTTPS to see if it HTTPS is supported 
@@ -65,7 +66,37 @@ namespace Umbraco.Web.HealthCheck.Checks.Security try { var response = (HttpWebResponse)request.GetResponse(); - success = response.StatusCode == HttpStatusCode.OK; + if (response.StatusCode == HttpStatusCode.OK) + { + // Got a valid response, check now for if certificate expiring within 14 days + // Hat-tip: https://stackoverflow.com/a/15343898/489433 + const int NumberOfDaysForExpiryWarning = 14; + var cert = request.ServicePoint.Certificate; + var cert2 = new X509Certificate2(cert); + var expirationDate = cert2.NotAfter; + + var daysToExpiry = (int)Math.Floor((cert2.NotAfter - DateTime.Now).TotalDays); + if (daysToExpiry <= 0) + { + result = StatusResultType.Error; + message = _textService.Localize("healthcheck/httpsCheckExpiredCertificate"); + } + else if (daysToExpiry < NumberOfDaysForExpiryWarning) + { + result = StatusResultType.Warning; + message = _textService.Localize("healthcheck/httpsCheckExpiringCertificate", new[] { daysToExpiry.ToString() }); + } + else + { + result = StatusResultType.Success; + message = _textService.Localize("healthcheck/httpsCheckValidCertificate"); + } + } + else + { + result = StatusResultType.Error; + message = _textService.Localize("healthcheck/httpsCheckInvalidUrl", new[] { address, response.StatusDescription }); + } } catch (Exception ex) { @@ -80,17 +111,16 @@ namespace Umbraco.Web.HealthCheck.Checks.Security { message = _textService.Localize("healthcheck/httpsCheckInvalidUrl", new[] { address, ex.Message }); } + + result = StatusResultType.Error; } var actions = new List(); - if (success) - message = _textService.Localize("healthcheck/httpsCheckValidCertificate"); - return new HealthCheckStatus(message) { - ResultType = success ? StatusResultType.Success : StatusResultType.Error, + ResultType = result, Actions = actions }; }
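Review bot: The branch `if (daysToExpiry <= 0)` reports a certificate as expired while it can still have up to a day of validity left, because `daysToExpiry` is floored before the comparison. Comparing the timestamps directly, `if (cert2.NotAfter <= DateTime.Now)`, keeps the Error result for a certificate that has actually lapsed and lets the final day fall into the Warning branch. `expirationDate` is assigned but never read, so it can be dropped. The `X509Certificate2` built here is never disposed; if the target framework's `X509Certificate2` implements `IDisposable`, wrap it in `using`. The enclosing try block and method start outside this hunk.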
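Review bot: The `result = StatusResultType.Error;` added at the end of the catch applies to every exception type, and the branch visible just above it formats the failure with `healthcheck/httpsCheckInvalidUrl`. A failure raised by the new certificate handling in the try block, for example `new X509Certificate2(cert)` when `request.ServicePoint.Certificate` is null, would therefore presumably be shown as a URL ping error rather than a certificate finding. A null guard on `cert` with its own localized message, or a separate `catch (WebException ex)` ahead of the general one, would keep certificate problems distinct from connectivity failures. The start of the catch body lies outside this hunk, so its first branch is not visible here.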