[Xymon] monitoring intermediate ssl certs

[Root, Paul]

I missed the intermediate part.

Paul Root    - Engineer III
Managed Services Systems - CenturyLink



> -----Original Message-----
> From: xymon-bounces at xymon.com [mailto:xymon-bounces at xymon.com] On
> Behalf Of Henrik Størner
> Sent: Tuesday, October 25, 2011 9:35 AM
> To: xymon at xymon.com
> Subject: Re: [Xymon] monitoring intermediate ssl certs
>
> On 25-10-2011 16:30, Larry Barber wrote:
> > We recently had some intermediate ssl certificates expire without
> > warning. Have any of you figured out a way to monitor these using
> Xymon?
>
> Not really possible, because intermediate certs need not be present on
> the server where your own certificate is - it is sufficient that the
> client accessing your https-server knows the intermediate (and root)
> certificate. So there is no place for Xymon to fetch the intermediate
> certificate.
>
> However, I am surprised that you have a certificate which is issued
> with
> an expiry date *after* the intermediate certificate by which it was
> signed. I assume that is the case - if not, then your own certificate
> must have expired and Xymon will warn you about that!
>
> So something doesn't sound right.
>
>
> Regards,
> Henrik
> _______________________________________________
> Xymon mailing list
> Xymon at xymon.com
> http://lists.xymon.com/mailman/listinfo/xymon

This communication is the property of CenturyLink and may contain confidential or privileged information. Unauthorized use of this communication is strictly
prohibited and may be unlawful.  If you have received this communication
in error, please immediately notify the sender by reply e-mail and destroy
all copies of the communication and any attachments.