Ideas for Apica Synthetic Monitoring

Got an idea? Share it here and we'll have a look at it.

SSL Cert monitoring

Since you can monitor SSL info with OpenSSL at the command line the most simple solution I can anticipate is that you add a hostname to a special 'SSL Check' and during the setup you hit a button which sets the 'expected end date' of the SSL Cert. You then setup thresholds for Error, Warning, Fatal (Say 45 days, 30 days & 15 days) and the check detects this.

It would be even better to track the fingerprint and other details associated with the Cert to protect against MITM or similar. This would effectively mean your product also encompasses the type of functionality other specialist products like http://redkestrel.co.uk/ have.

If you guys are using another solution to this problem let me know but I think it meshes quite nicely with your software!

  • Gravatar Guest
  • Sep 8 2014
  • Shipped
  • Attach files
  • Guest commented
    April 15, 2015 09:12

    Can you update this?

     

    You implemented something for SSL but it doesn't match this. So I guess this can just be closed as I don't think you have plans to change the implementation?

  • Admin
    Erik Torlen commented
    April 15, 2015 09:23

    This was implemented according to what was discussed earlier. What is it that you believe does not match the current implementation?

  • Guest commented
    April 15, 2015 12:08

    Hi Erik,


    The problem is that the current monitor only accepts a single domain name. If you are running a big org with lots of vendors, SaaS that you want to keep an eye on, and of course multiple DCs and SSL termination points including CDNs as well it is pretty prohibitive to use the feature as it looks at the moment both in terms of how much pain it is to setup & maintain the checks but also commercially.


    I understand that the flipside is commercially it give you limited scope to extract value from this if you start accepting a lot of domains per check because most orgs have a handful of SSL termination points and so running a check for each is totally viable. The miscommunication is that we sent a longer requirement offline that covered this use case and we were under the impression that what was delivered would cover this.


    That is fine if what we want doesn't meet the wider community need but in any case this is still down as 'planned' and if it is delivered you may as well flick it to shipped?


    Thanks,

    Rich

     

  • Admin
    Erik Torlen commented
    April 15, 2015 14:52

    Hi,

    I understand that usage that you are looking for - to cover more domains in one single check. The initial requirement covered the functionality that has been implemented, what you are mentioning is more like an enhancement of the checktype to support multiple hostnames to verify on. The functionality is there and can easily be set up - we have several cases where many domains are monitored using the checks. 

    The current checks with single domains gives the flexibility to take out reports on specific domains and also alert different people depending on the domain. 
    Regarding the commercial side, I would say that these checks may not run as often as other checks so I'm sure that is a discussion that can be made.

    This idea should have been shipped way back - it's a mistake that occurred, sorry about that.

    I'll let you send in another Idea that we can jump on to cover the enhancement of supporting several different hostnames - as a follow up on this implementation.

    Erik

  • Gravatar