Forum Discussion

mnagel's avatar
Icon for Professor rankProfessor
8 years ago

SSL monitoring improvements

Several related ideas:

* please make it so Web Service checks allow detection of expiring SSL certificates, preferably via a parameter in the alert tuning, at least 30 days by default.

* please adjust the SSL_Certs datasource to also check validity.  The current script is in a JAR file, so hard to see how to adjust on my end -- it may already have what is needed.  We had a cert loaded yesterday with a broken chain, which make it invalid, but the DS happily reported it was expiring in 1110 days during that period.

* same as above, for F5 VIP certificates, if possible (not clear that is exposed via F5 SNMP results)

* the web service check should also report validity, but I think it may already (if SSL errors are detected)

* allow SSL checks against virtual hosts via CN matching and SNI; this would I assume require a special manually configured multi-instance DS like PingMulti?