Agents Administration - Tests
 

Default Parameters for SSLCertExpiryTest

This test monitors all the SSL certificates that have been configured for the target windows host. For each SSL certificate, this test captures the expiry date of the SSL certificates, computes how long each certificate will remain valid, and proactively alerts administrators if any certificate is nearing expiry.

This page depicts the default parameters that need to be configured for the SSLCertExpiryTest test.

  • The TEST PERIOD list box helps the user to decide how often this test needs to be executed.

  • Specify the time period in days during which this test should report the expiry details of the SSL certificates against the EXPIRY IN DAYS parameter.

  • By default, none is specified against the THUMBPRINT parameter indicating that this test will monitor all the SSL certificates on the target host. Sometimes, administrators may only want to track the expiry of a SSL certificate that secures the most critical connection so as to ensure continuous availability of the certificate. To achieve this, administrators can specify thumbprint/fingerprint of that particular SSL certificate in the THUMBPRINT field. A thumbprint/fingerprint is the unique identifier of the SSL certificate and of the following format: 934367bf1c97033f877db0f15cb1b586957d313. Specifying the thumbprint will enable the test to monitor only the SSL certificate whose thumbprint has been configured.

    For instance, to check a certificate's fingerprint/thumbprint in the Internet Explorer, do the following steps:

    • Open Internet Explorer

    • Go to Tools --> Internet Options

    • Click Content tab --> Certificates

    • In the Certificates window, click on the tab for the certificate you want to examine (Personal, Other People, Intermediate Certification Authorities, Trusted Root Certification Authorities)

    • Locate the certificate or root in the list

    • Double click on the entry

    • Click the Details tab

    • Scroll to Thumbprint, the Thumbprint details will be displayed.

  • To make diagnosis more efficient and accurate, the eG suite embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the DETAILED DIAGNOSIS capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option.

    The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:

    • The eG manager license should allow the detailed diagnosis capability.

    • Both the normal and abnormal frequencies configured for the detailed diagnosis measures should not be 0.

  • Once the above values are provided, click on the UPDATE button to register the changes made.

When changing default configurations of tests, the values with “$” indicate variables that will be replaced by the eG system according to the specific server being managed - for instance, $hostName is the host/nickname of the target host, $port is the port number of the server being monitored. E.g., for a server xyz:80, $hostName will be changed automatically by the eG manager to “xyz*” and $port will be changed to “80” when configuring a test.