eG Enterprise version 7.5 introduces advanced capabilities for detailed SSL Certificate Monitoring including monitoring for web servers and apps using SSL. Monitoring SSL certificates is essential to ensure secure connections, prevent service outages, and maintain user trust. Here are a few things you need to monitor and questions you should ask to keep your services and apps running reliably and securely.

Question 1 – Which SSL certificates are nearing expiry? Have any expired?

Why you care: Monitoring SSL certificates for expiry is critical to avoid service disruptions, browser warnings, and user trust issues. An expired certificate can block access to your website or application, break secure connections, and cause compliance failures.

It can also disrupt APIs and services, leading to lost revenue or data exposure. Regularly checking which certificates are nearing expiry ensures continuity, maintains security, and supports compliance. Alerting in advance allows timely renewal and prevents last-minute emergencies.

How eG Enterprise helps:

Screenshot of eG Enterprise showing configuration options for monitoring expired SSL certificates and for monitoring SSL certificates due to expire within a given timeframe

Figure 1: eG Enterprise can be configured to alert on certificates nearing expiry. The “MAX EXPIRY DAY” field can be set to a number of days whereby only certificates due to expire within that timeframe will be highlighted

Question 2 – Which (if any) SSL certificates are privately signed?

Why you care: Privately signed certificates aren’t trusted by browsers or external users, leading to security warnings and blocked access. They’re useful in internal systems but risky if accidentally used in public-facing services. Monitoring for them helps avoid trust issues, ensures proper use, and maintains compliance. Detecting private certs early prevents outages, user confusion, and potential vulnerabilities in exposed systems.

Privately signed certificates may not necessarily cause failure but can block caching vital for usable performance, learn more in this deep-dive postmortem where a self-signed certificate caused significant problems for a real customer’s web application, see: Troubleshooting Web Application Performance & SSL Issues.

Clickable banner to an article on how to monitor your Java licenses for compliance and security

Question 3 – Certificate Chain Validity – Are root/intermediate certificates valid? Are any nearing expiry?

Why you care: You need to ensure that the full chain (including intermediate certificates) is valid and properly configured. An incomplete chain can cause trust issues. Monitoring chain validity helps maintain uninterrupted secure connections and ensures the full trust path from your certificate to a trusted root authority.

Question 4 – Revocation Status – Have any certificates been revoked?

Why you care: Checking if SSL certificates are revoked is essential because a revoked certificate is no longer trusted by the issuing Certificate Authority (CA). Revocation can occur due to compromise, misuse, or administrative error. If a revoked certificate is still in use, browsers may block access or show warnings, exposing users to security risks.

You can manually check whether an SSL certificate has not been revoked by using the CRL (Certificate Revocation List) or OCSP (Online Certificate Status Protocol) to verify its validity.

How eG Enterprise helps:

Screenshot showing eG Enterprise displaying details of SSL certificates including whether the certificate is private, self-signed, revoked, has a common name available, has a valid certificate chain and so on

Figure 2: eG Enterprise will monitor whether private certificates are configured, where certificates are self-signed, whether a valid certificate chain is in place and whether a certificate has been revoked. Here SSL certificate monitoring is shown for a database server.

Question 5 – Signature Algorithm – Are any certificates using lower strength public keys?

Why you care: It is best practice to use modern secure signature algorithms (such as SHA-256). You want to avoid relying upon weak or deprecated algorithms such as SHA-1.

eG Enteprise console screenshot showing details of the public key size of SSL certificates

Figure 3: eG Enterprise tracks the public key size of the certificate. Larger key sizes provide higher security to the target website

Detailed Diagnostics for All SSL Certificates

Screenshot of detailed diagnostics within eG Enterprise - a screen available so that administrators can see the details of SSL certificates without using other tools

Figure 4: Full details of SSL certificates are always available to administrators via the eG Enterprise console

SSL Certificate Expiry Report

You can always access the ready-to-go SSL Certificate Expiry Report via the “Reporter” tab in the main eG Enterprise console. Navigate to the “Reports by Function” section and “Domain Specific Reports -> Security and Compliance -> SSL Certificate”.

Out-of-the-box SSL certificate report from eG Enteprise is shown - this report gives an instant overview of expired certificates and those nearing expiry for admins to address or to use to show governance by automated SSL certificate audits

Summary

eG Enterprise v7.5 introduces a number of useful features to allow administrators to automate their management of SSL technologies and certificates without manual effort.

eG Enterprise is an Observability solution for Modern IT. Monitor digital workspaces,
web applications, SaaS services, cloud and containers from a single pane of glass.

Free Trial  See the platform

About the Author

Ramesh is a Product Lead at eG Innovations with 15+ years of experience in enterprise Java development. He specializes in software architecture and monitoring technologies like Java APM, Real User Monitoring, and JMX. Passionate about clean code and scalability, he enjoys solving complex problems and sharing his expertise with the developer community.