Re: [hobbit] SSL cert testing to match common name with host/URL?
- To: hobbit (at) hswn.dk
- Subject: Re: [hobbit] SSL cert testing to match common name with host/URL?
- From: Ralph Mitchell <ralphmitchell (at) gmail.com>
- Date: Wed, 16 Jun 2010 07:05:34 -0400
- References: <7EA6A25EC6360A488E0EBB5F3F21A0DC2B952FCA (at) mail-sd4.ad.soe.sony.com> <201006160905.22322.bgmilne (at) staff.telkomsa.net>
On Wed, Jun 16, 2010 at 4:05 AM, Buchan Milne <bgmilne (at) staff.telkomsa.net> wrote:
> On Tuesday, 15 June 2010 19:55:24 Cleaver, Japheth wrote:
> > I've been adding testing of https URLs into our system and noticed that
> > while the expiration date checking is nice, Xymon doesn't seem to be
> > checking the common name at all for validity (in the manner that a
> > browser might).
>
> But, surely this isn't something you need to monitor? I mean, if you update a
> cert, you'll check it yourself (also to ensure that your client software has
> the relevant CA cert etc. etc.).

I was once asked to set up cert monitoring to check the expiry date every
hour. The reason given was "in case we restore the server and bring back an
old cert"... The company estimated they'd lose $50k per hour if they
couldn't take bookings.

Ralph Mitchell