Expand SSL Certificate Monitoring Beyond HTTPS
As a PRTG network administrator, I want to monitor SSL certificates for both HTTPS and MS SQL Server connections, so that I can proactively manage certificate expiration across all critical services without relying on complex external scripts.
Since the current SSL Certificate is only for web (HTTPS) ports, it might be useful to update the name to "HTTPS SSL Certificate".
Within the scope of MS SQL Server's connection SSL Certificate for the 1433 port, it will be useful to provide a way to monitor the certificate's expiry date. There is a number of pages with Python scripts that will pull the certificate, but to wire that into PRTG through a power shell script adds to many moving parts.
Billy Cole
shared this idea
-
Billy Cole
commented
The nature of using openssl to extract the expiry date is fairly straight forward, the problem becomes when the certificate is within a protocol handshake, like SNMP, SQL Server 1433, or within a java keystore, or MS keystore.
Instead of going after the certificate directly, provide a way to store the certificate on the PRTG core servers, then have a sensor monitor it from there.
If you want to be very helpful, provide a utility that can be scheduled to go extract the certificate from a web port, or key store, or from a server directory and copy it to the core servers' certificate store.
This would open up a vast array of certificate monitoring options and would be more performant than querying for the certificate.
On the sensor, also provide documentation on adding threshold triggers for 60,30, and 7 days left till expiry. -
AdminAntje Pich
(Admin, Paessler)
commented
As an IT Administrator, I want a native PRTG sensor to conveniently monitor the expiration dates of private and SMTP-TLS certificates, eliminating the need for custom scripts. This will ensure I'm proactively alerted to expiring certificates, preventing service disruptions and security vulnerabilities.