Skip to main content
Version: NG-2.14

SSL Certificate Monitor

Introduction

An SSL certificate is a digital certificate that authenticates a website's identity and enables an encrypted connection. SSL certificates expire in specified time and that will make your website fail. So iIts critical to monitor expiry of SSL certificates.

Getting Started

Compatibility

vuSmartMaps support monitoring all types of X.509 SSL/TLS certificates used by various Web Services

Data Collection Method

vuSmartmaps collects health and performance data using VuNet's Internal Data Collector.

Prerequisites

Inputs for Configuring Data Source

  • Data Source Name: Data source name to uniquely identify the source.
  • Web Service URL for which SSL certificates should be monitored: The URL must starts with 'https' and should be a proper FQDN or an IP Address.
  • Exclude Root Certificates: Should root certificates be excluded from monitoring or not
  • Polling Frequency: Specifies the interval in seconds at which data is collected. Data collection occurs once every specified period.

Firewall Requirement

To collect data from this O11ySource, ensure the following ports are opened:

Source IPDestination IPDestination PortProtocolDirection
IP address(es) of the vuSmartmaps ServerWeb Services EndPoints443TCPOutbound

*Before providing the firewall requirements, please update the port based on the customer environment.

Configuring the Target

SSL Certificates are obtained directly by involing the Web Service so Web Services must be accessible from vuSmartMaps. There is no specific configuration required on the target server as such.

Configuration Steps

  • Enable the O11ySource.
  • Select the Sources tab and press the + button to add a new SSL Certificate Web Service to be monitored.
  • Populate all the configurations. Click on Save to create the instance.

Metrics Collected

NameDescriptionData Type
AgeAge of the SSL CertificateUInt64
EnddateEnd date of SSL certificateUInt64
expiryExpiry time of SSL certificateInt64
startdateStart date of SSL certificateUInt64
verification_codeVerification Code of SSL certificate.UInt64
verification_errorVerification Error in String if there is an issue with SSL certificateString
ocsp_status_codeOnline Certificate Status Protocol Status CodeUInt64
ocsp_next_updatewhen ocsp_stapled=yes, Date when OCSP will be next updatedUInt64
ocsp_produced_atwhen ocsp_stapled=yes, Date OCSP is produced atUInt64
ocsp_this_updatewhen ocsp_stapled=yes, Date OCSP is produced atUInt64
ocsp_verifiedOCSP is verified or notString
ocsp_statusOnline Certificate Status Protocol StatusString
ocsp_stapledOCSP Stapling improves performance by positioning a digitally-signed and time-stamped version of the OCSP response directly on the webserver.String
sanThe Subject Alternative Name (SAN) field in an SSL certificate is an extension that allows additional, alternative names to be associated with a certificateString
issuer_serial_numberCertificate Issuer Serial numberString
issuer_common_nameCertificate Issuer Common NameString
public_key_algorithmPublic Key Algorithm used for the certificateString
signature_algorithmSignature Algorithm used for the certificateString
serial_numberThe Serial Number is an alphanumeric string assigned by DigiCert to each SSL certificateString
verificationWhether certificate is valid or not.String
localityThis field denotes the city in which the organization is located.String
provinceThe state/province where your company is legally located.String
countryThe country where your company is legally located.String
organizational_unitThe name of your department within the organizationString
organizationThe name of your organizationString
sourceThe URL with 443 port which is using the SSL certificateString
source_urlThe URL which is using the SSL certificateString
typeType of SSL certificate. Leaf, Intermediate, Root etc.String
Tenant IdTenant IdLowCardinality(String)
BU IdBU IdLowCardinality(String)
timestamptimestampDateTime64