SSL Certificate Test

All SSL web servers are configured with security certificates. During the SSL protocol handshake with clients, a server exchanges this certificate with the clients. An SSL certificate includes information about the server/domain to which the certificate is licensed, the issuing authority, and a validity period for the certificate. Beyond the validity period, the SSL certificate becomes invalid, and clients' SSL connections to the web server would fail. To avoid such a situation, it is essential that web server administrators are alerted in advance about the potential expiry of the SSL certificates on their web site. The SSL Certificate test monitors the validity period for SSL certificates of different web sites.

Target of the test : A Web server

Agent deploying the test : An internal agent

Outputs of the test : One set of results for every Target configured.

Configurable parameters for the test
Parameter Description

Test Period

How often should the test be executed.

Host

The host for which the test is to be configured.

Port

The port at which the application listens.

Timeout

Provide the duration (in seconds) beyond which the test times out.

Targets

Provide a comma-separated list of {HostIP/Name}:{Port) pairs, which represent the web sites to be monitored. For example, 192.168.10.7:443,192.168.10.8:443. The test connects to each IP/port pair and checks for validity of the certificate associated with this target. One set of metrics is reported for each target. The descriptor represents the common name (CN) value of the SSL certificate

Measurements made by the test
Measurement Description Measurement Unit Interpretation

SSL certificate validity

Represents the validity of the SSL certificate in days.

Days

As this value approaches close to 0, an alert is generated to proactively inform the administrator that the SSL certificate is nearing expiry. A value of 0 indicates that the SSL certificate has expired.