[hobbit] SSL cert testing to match common name with host/URL?

Ralph Mitchell ralphmitchell at gmail.com
Wed Jun 16 13:05:34 CEST 2010


On Wed, Jun 16, 2010 at 4:05 AM, Buchan Milne <bgmilne at staff.telkomsa.net>wrote:

> On Tuesday, 15 June 2010 19:55:24 Cleaver, Japheth wrote:
> > I've been adding testing of https URLs into our system and noticed that
> >  while the expiration date checking is nice, Xymon doesn't seem to be
> >  checking testing the common name at all for validity (in the manner that
> a
> >  browser might).
>
> But, surely this isn't something you need to monitor? I mean, if you update
> a
> cert, you'll check it yourself (also to ensure that your client software
> has
> the relevant CA cert etc. etc.).


I was once asked to set up cert monitoring to check the expiry date every
hour.  The reason given was "in case we restore the server and bring back an
old cert"...  The company estimated they'd lose $50k per hour if they
couldn't take bookings.

Ralph Mitchell
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20100616/6323b252/attachment.html>


More information about the Xymon mailing list