CAS SSL Certificates Test

SSL certificates are important to maintain the confidentiality of data in an organization as well as maintain the organization’s reputation and integrity. SSL certificates are small data files that digitally bind a cryptographic key to organization’s details. With the SSL certificates, data is encrypted prior to being transmitted via Internet, and the encrypted data can be decrypted only by the application server to which you actually send it. This ensures that the information you transmit is safe. Typically, the SSL certificates are prepared with a specific validity time beyond which the connections will no longer be secure. If the certificates suddenly expire, the users will no longer be able to access the applications. To avoid this, administrators should proactively identify certificates nearing expiry and renew the certificates before expiry. The CAS SSL Certificates test helps administrators in this regard!

This test help administrators figure out the count of SSL certificates that are about to expire and the count of SSL certificates that have already expired. This detailed diagnosis of this test lists the name of the SSL Certificate that is about to expire/already expired. Using this test administrators can proactively figure out the SSL certificates that are nearing expiry and renew the certificated before expiry.

Target of the test : Microsoft Certificate Authority Server

Agent deploying the test : An internal agent

Outputs of the test : One set of the results for the target Microsoft Certificate Authority Server that is being monitored

Configurable parameters for the test
Parameter Description

Test period

How often should the test be executed

Host

The IP address of the host for which this test is to be configured.

Port

The port at which the specified Host listens to. By default, this is 443.

Expiry in Days

Specify the time period in days during which this test should report the expiry details of the SSL certificates. By default, this is set to 30 days.

Show SSL Cert Expired DD

By default, this flag is set to No. This implies that by default, detailed metrics will not be available for the SSL certificates expired measure reported by this test. To enable detailed diagnosis for this measure, you can set this flag to Yes. In this case, you will be able to view the complete details of all the SSL certificates that expired.

Ignore Certificate Template

By default, this parameter is set to none indicating that this test will monitor all the SSL certificates in the target environment. In some environments, SSL certificates are renewed automatically upon expiry. In this case, many administrators wanted eG Enterprise to suppress alerts for those certificates that are assigned for auto-renewal. To aid administrators in this regard, if the SSL certificates are issued based on certificate templates in the target Microsoft Certificate Authority Server, then, specifying a comma-separated list of certificate templates or wild card patterns of the templates against this parameter will ignore the SSL certificates issued based on those certificate templates from the scope of monitoring. For example, your specification can be: *DomainController*,*machine*,*Webserver*,*14608435*

Detailed Diagnosis

To make diagnosis more efficient and accurate, the eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option.

The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:

  • The eG manager license should allow the detailed diagnosis capability
  • Both the normal and abnormal frequencies configured for the detailed diagnosis measures should not be 0.
Measurements made by the test
Measurement Description Measurement Unit Interpretation

SSL certificates to be expires

Indicates the number of SSL certificates that are about to expire.

Number

The detailed diagnosis of this measure lists the request name, common name of the SSL certificate, template of the certificate and the expiry date of the certificate.

SSL certificates expired

Indicates the number of SSL certificates that had expired during the last measurement period.

Number

The detailed diagnosis of this measure if enabled, lists the request name, common name of the SSL certificate, template of the certificate and the date on which the certificate expired.