Alibaba SSL Certificates Test
Many Alibaba cloud services rely on SSL certificates. This can include Elastic Compute Service (ECS) instances, websites, API Gateway services, Function Compute functions, anthe ted CDN endpoints.
This implies that if an SSL certificate expires, then users will no longer be able to use the cloud services that depend on that certificate until such time the certificate is renewed. To ensure high service availability, administrators should periodically check the validity of the SSL certificates of cloud services, so they can quickly identify those certificates that have expired or are nearing expiry. This is where the Alibaba SSL Certificates test helps!
At configured intervals, this test checks the validity of SSL certificates and turns administrator attention to expired certificates. Also, by revealing how soon each issued certificate will expire, the test also alerts administrators to the potential expiry of a certificate.
Target of the test : An Alibaba Cloud Account
Agent deploying the test : A remote agent
Outputs of the test : One set of results for the cloud account being monitored
Parameters | Description |
---|---|
Test period |
How often should the test be executed |
Host |
The host for which the test is to be configured. |
Alibaba Access Key and Alibaba Secret Key |
This test makes REST API requests to the Alibaba cloud to pull the metrics. For this purpose, the test needs to be configured with an AccessKey pair. An AccessKey pair is typically used to call an operation of an Alibaba Cloud service. It is also used to initiate an API request or use a cloud service SDK to manager cloud resources. An AccessKey pair is characterized by an AccessKey ID and an AccessKey Secret. The AccessKey ID is used to identify a user/cloud account. The AccessKey Secret is used to verify a user/cloud account. The first step to configuring the eG agent with an AccessKey pair is to create an AccessKey pair for the target cloud acount. To achieve this, follow the steps below:
If you failed to make note of the AccessKey ID and AccessKey Secret at the time of creating the AccessKey pair, then you can obtain the same at a later point in time. Similarly, if an AccessKey pair pre-exists for the target cloud account, then you do not have to create another one. Instead, you can obtain the AccessKey ID and AccessKey Secret of the existing AccessKey pair and configure the eG agent with the same. For this, follow the steps below:
|
Detailed Diagnosis |
To make diagnosis more efficient and accurate, the eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option. The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:
|
Measurement | Description | Measurement Unit | Interpretation | ||||||
---|---|---|---|---|---|---|---|---|---|
Has any certificate expired? |
Indicates whether/not any certificate has expired. |
|
The values that this measure reports and their corresponding numeric values are listed below:
Note: This measure reports the Measure Values listed in the table above to indicate whether/not any certificate has expired. In the graph of this measure however, the same is indicated using the numeric equivalents only. To know which certificates have expired, use the detailed diagnosis of this measure. |
||||||
Expiring certificate |
Indicates the number of certificates that will expire within the LICENSE EXPIRY PERIOD configured for this test. |
Number |
Use the detailed diagnosis of this measure to know which certificates are nearing expiry. |
||||||
Total certificates |
Indicates the total number of certificates on the Alibaba cloud. |
Number |
The detailed diagnosis of this measure provides the complete details of all certificates in use. |
||||||
Issued certificates |
Indicates the number of certificates that have been issued. |
Number |
|
||||||
Expired certificates |
Indicates the number of certificates that have expired. |
Number |
If this measure reports a non-zero value, then use the detailed diagnosis of the measure to identify the SSL certificates that have expired. |
If the Has any certificate expired? measure reports the value Yes, then use the detailed diagnosis of this measure to know which certificates expired, who issued them, and the certificate fingerprint. Similar details will also be available as part of the detailed diagnostics of the Expired certificates measure.
Figure 1 : Detailed diagnosis of the Has any certificate expired? measure and the Expired certificates measure
To know which SSL certificates are in use currently, use the detailed diagnosis of the Total certificates measure.
Figure 2 : Detailed diagnosis of the Total certificates measure reported by the Alibaba SSL Certificates test