[Xymon] monitoring intermediate ssl certs
Henrik Størner
henrik at hswn.dk
Tue Oct 25 16:35:02 CEST 2011
On 25-10-2011 16:30, Larry Barber wrote:
> We recently had some intermediate ssl certificates expire without
> warning. Have any of you figured out a way to monitor these using Xymon?
Not really possible, because intermediate certs need not be present on
the server where your own certificate is - it is sufficient that the
client accessing your https-server knows the intermediate (and root)
certificate. So there is no place for Xymon to fetch the intermediate
certificate.
However, I am surprised that you have a certificate which is issued with
an expiry date *after* the intermediate certificate by which it was
signed. I assume that is the case - if not, then your own certificate
must have expired and Xymon will warn you about that!
So something doesn't sound right.
Regards,
Henrik
More information about the Xymon
mailing list