Configuration of SSLCertExpiryTest

This test monitors all the SSL certificates that have been configured for the target windows host. For each SSL certificate, this test captures the expiry date of the SSL certificates, computes how long each certificate will remain valid, and proactively alerts administrators if any certificate is nearing expiry.

The default parameters associated with this test are as follows:

• The TEST PERIOD list box helps the user to decide how often this test needs to be executed.

• In the HOST text box, the host for which the test is to be configured has to be specified.

• Specify the port at which the specified HOST listens to in the PORT text box.

• Specify the time period in days during which this test should report the expiry details of the SSL certificates against the EXPIRY IN DAYS parameter.

• By default, none is specified against the THUMBPRINT parameter indicating that this test will monitor all the SSL certificates on the target host. Sometimes, administrators may only want to track the expiry of a SSL certificate that secures the most critical connection so as to ensure continuous availability of the certificate. To achieve this, administrators can specify thumbprint/fingerprint of that particular SSL certificate in the THUMBPRINT field. A thumbprint/fingerprint is the unique identifier of the SSL certificate and of the following format: 934367bf1c97033f877db0f15cb1b586957d313. Specifying the thumbprint will enable the test to monitor only the SSL certificate whose thumbprint has been configured.

  For instance, to check a certificate's fingerprint/thumbprint in the Internet Explorer, do the following steps:

  • Open Internet Explorer

  • Go to Tools --> Internet Options

  • Click Content tab --> Certificates

  • In the Certificates window, click on the tab for the certificate you want to examine (Personal, Other People, Intermediate Certification Authorities, Trusted Root Certification Authorities)

  • Locate the certificate or root in the list

  • Double click on the entry

  • Click the Details tab

  • Scroll to Thumbprint, the Thumbprint details will be displayed.

• To make diagnosis more efficient and accurate, the eG suite embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the DETAILED DIAGNOSIS capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option.

  The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:

  • The eG manager license should allow the detailed diagnosis capability.

  • Both the normal and abnormal frequencies configured for the detailed diagnosis measures should not be 0.

• If multiple components of the same component type are awaiting configuration, then an APPLY TO OTHER COMPONENTS check box will appear in this page. Clicking on this check box will allow you to apply the configuration to all/selected components of that type.

• Once the necessary values have been provided, clicking on the UPDATE button will register the changes made.

When changing the configuration for specific servers, a “*” beside the text box corresponding to the parameter signifies that these values have to be manually configured by the user. The parameter values that require to be configured will typically be prefixed with a “$” or contain a series of “*”. A value of “none” in the parameter value indicates that the corresponding parameter value can be changed if required.