SSL Certificate Validity Test

This test reports how long (in days) the SSL certificates that have been configured for monitoring will remain valid, and the current status of those SSL certificates.

This test is disabled by default. To enable the test, go to the enable / disable tests page using the menu sequence: Agents -> Tests -> Enable/Disable, pick the desired Component type, set Performance as the Test type, choose the test from the disabled tests list, and click on the < button to move the test to the ENABLED TESTS list. Finally, click the Update button.

Target of the test: An Apache web server

Agent deploying this test: An internal agent

Outputs of the test: One set of outputs for every Target and/or every Targetfile and/or the unique key assigned to each certificate in the specified Keystore File.

Configurable parameters for the test
Parameters Description

Test period

Indicates how often the test should be executed.

Host

The host for which the test is to be configured.

Targets

If you want to monitor specific SSL-enabled web sites, provide a comma-separated list of {HostIP/Name}:{Port} pairs, which represent the web sites to be monitored. For example, 192.168.10.7:443,192.168.10.8:443. The test connects to each IP/port pair and checks the validity of the certificate associated with that target. One set of metrics is reported for each target. The descriptor represents the common name (CN) value of the SSL certificate. By default, this parameter is set to <IP_of_the_monitored_web/application_server>:<Port_on_which_the_server_listens>. If you do not want to monitor the validity of certificates based on configured targets, set this parameter to none.

Targetfiles

To monitor specific certificate files, provide a comma-separated list of file paths for the SSL certificates that are to be monitored in the Targetfiles text box. For example, C:\server.crt, D:\admin.crt. The test reads the SSL certificates for the web sites that are to be monitored from these locations and checks their validity. If you do not want to check the validity of specific certificate files, set this parameter to none.

Keystore Type

Specify the type of keystore that contains the certificates you want to monitor. By default, this parameter is set to JKS, which implies that the Java Keystore is used by default for storing the certificates. If the certificates in your environment are contained within a different type of keystore, specify the exact type here, e.g., PKCS12.

Keystore File

A keystore is a database (usually a file) that can contain trusted certificates and combinations of private keys with their corresponding certificates. If you are looking to monitor the certificates contained within a keystore file, then provide the full path to this file in the Keystore File text box. For example, the location of this file may be: C:\egurkha\manager\tomcat\webapps\eGmanager.bin. In this case, the test automatically accesses each of the certificates that the specified keystore contains, and checks its validity. If you do not want to monitor the certificates in a keystore, set this parameter to none.

Keystore Password

If a Keystore File is provided, then, in this text box, provide the password that is used to obtain the associated certificate details from the Keystore File. If none is specified against Keystore File, then, enter none here as well.

Confirm Password

Confirm the Keystore Password by retyping it here.

Measurements made by the test
Measurement Description Measurement Unit Interpretation

SSL certificate validity

Indicates the number of days from the current day for which this SSL certificate will be valid.

Days

Certificate status

Indicates the current status of this SSL certificate.

The numeric values that correspond to these measure values are discussed in the table below:

Measure Value Numeric Value
Public CA Signed 20
Local CA Signed 25
Not Verified 40
Self Signed 60
Revoked 80

Note:

By default, this measure reports the Measure Values listed in the table above. In the graph of this measure however, the state of the SSL certificate is represented using the corresponding numeric equivalents only.
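
To spot-check what the Targets parameter and the SSL certificate validity measure describe, the following added example (not eG Enterprise code) parses a Targets value, connects to each pair, and reports the certificate CN and the days remaining. The function names are hypothetical, and it assumes a verifying TLS handshake, so a target whose certificate cannot be verified is reported as a failed check rather than given a day count.

```python
import socket
import ssl
from datetime import datetime, timezone

def parse_targets(spec):
    """Split a Targets value ("host:port,host:port" or "none") into (host, port) pairs."""
    if spec.strip().lower() == "none":
        return []  # target-based monitoring switched off
    targets = []
    for item in spec.split(","):
        host, sep, port = item.strip().rpartition(":")
        if not sep or not host or not port.isdigit() or not 0 < int(port) < 65536:
            raise ValueError(f"bad target {item!r}, expected host:port")
        targets.append((host, int(port)))
    return targets

def days_remaining(not_after, now=None):
    """Whole days until a getpeercert()-style notAfter value; negative once expired."""
    now = now or datetime.now(timezone.utc)
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    return (expiry - now).days

def common_name(cert):
    """Return the subject CN from a getpeercert() dict, or None if absent."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def check_target(host, port, timeout=5.0):
    """Handshake with chain and hostname verification on; return (CN, days left)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return common_name(cert), days_remaining(cert["notAfter"])

if __name__ == "__main__":
    # Sample Targets value taken from the parameter description above.
    for host, port in parse_targets("192.168.10.7:443,192.168.10.8:443"):
        try:
            print(host, port, *check_target(host, port))
        except OSError as exc:  # unreachable host, or certificate failed verification
            print(host, port, "check failed:", exc)
```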