What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

SSL Expiry Sensor

Votes:

0

I have created a SSL Expiry sensor for one of our internal website. The sensor frequently gets alerted with "An unexpected error occurred on a send" message. I have looked through the certificate and found that there are 3 DNS name assigned to the certificate. Is because of that reason the sensor frequently gets alerted?

http-ssl-certificate-expiry https ssl-certificate

Created on Jan 13, 2015 5:25:56 PM



17 Replies

Accepted Answer

Votes:

0

Hi,

There is a new version of this sensor which should fix the issue. Thanks to PRTGToolsFamily. The fix will be implement in the stable version soon, meanwhile you can download the sensor from here and copy the file to the directory

C:\Program Files (x86)\PRTG Network Monitor\Sensor System

Best regards

Created on Jan 16, 2015 1:30:09 PM by  Felix Saure [Paessler Support]

Last change on Feb 26, 2015 12:22:03 PM by  Felix Saure [Paessler Support]



Votes:

0

Thanks Felix, the sensor works like a charm!

Created on Jan 26, 2015 5:12:22 PM



Votes:

0

Hi,

We tried the SSLCertExpiration.exe from PRTGToolsFamily but we still have the same issue.

The webserver uses TLS 1.2 with 128 bits encryption using AES_128_CGM och ECDHE_RSA.

Errorlog:

[Probe]
2015-02-04 13:58:10
Microsoft Windows Server 2012 R2 Standard 6.2.9200.0 en-US
[Sensor]
SSLCertExpiration 15.1.1
Run by PRTG probe.
[Parameters]
-u=https://**.**.** -t=60 -tls -debug=C:\ProgramData\Paessler\PRTG Network Monitor\Logs (Sensors)\Result of Sensor 13745.txt 
[Trace]
[Error]
The underlying connection was closed: An unexpected error occurred on a send.
Exitcode custom_error

Best Regards, Robin

Created on Feb 4, 2015 1:00:02 PM

Last change on Jun 26, 2015 1:39:56 PM by  Luciano Lingnau [Paessler]



Votes:

0

Hi,

Could you please forward the name of the site you are trying to monitor via email to [email protected] so that we are able to test the sensor for your certificate.

Best regards

Created on Feb 5, 2015 8:21:48 AM by  Felix Saure [Paessler Support]



Votes:

0

Hi,

Has the new version of the sensor been released in version 15.1.13.1382?

Regards Emma

Created on Feb 11, 2015 4:39:29 PM



Votes:

0

Hi Emma,

The sensor is currently tested by our QA-Team, please use the sensor linked above until the testing is finished.

Best regards

Created on Feb 12, 2015 9:56:29 AM by  Felix Saure [Paessler Support]



Votes:

0

Felix Saure [Paessler Support], I sent the URL to the site to [email protected] last friday.

Best Regard, Robin

Created on Feb 16, 2015 1:50:56 PM



Votes:

0

The download link above now gives a 404 error. Is this fixed sensor part of a recent release?

Created on Feb 26, 2015 12:26:56 AM



Votes:

0

I just updated the link and it should work again.

Best regards

Created on Feb 26, 2015 12:22:57 PM by  Felix Saure [Paessler Support]



Votes:

0

Is it possible to to have different states depending on the amount of days? For example less then 30 days is warning less then 10 days is critical.

Created on Oct 12, 2015 11:22:10 AM



Votes:

0

Hi Minipat,

You can click on the Days to Expiration and enable the limits at the bottom of the page. Here you can define thresholds to set the sensor in warning or error state.

Best regards, Felix

Created on Oct 13, 2015 5:36:30 AM by  Felix Saure [Paessler Support]



Votes:

0

Thank you so much Felix!

Created on Oct 13, 2015 8:13:35 AM



Votes:

0

FYI - We've had SSL 2 & 3 disabled for a while, as well as a number of other optimizations to harden SSL. RC4 runed off, etc (We get an A rating from SSL Labs).

When we disabled TLS1.0 of some of our servers, we started to get this "An unexpected error occurred on a send" message. Turned TLS1.0 back on, problem went away.

Created on Jan 30, 2016 9:34:13 PM



Votes:

0

This sensor does not work if TLS 1.0 is turned off on the server being monitored. Can you guys please fix this bug? TLS 1.0 is now required to be turned off in many certification reports.

"TLS v1.0 violates PCI DSS and is considered an automatic failing condition."

Created on Apr 29, 2016 3:31:53 AM



Votes:

0

Hi Today,

The sensor supports TLS 1.2, any chance that you are still using the old sensor? Please try to add a new "Certificate Expiry Sensors", does it work? If not, what error message is displayed?

Best regards, Felix

Created on Apr 29, 2016 2:53:18 PM by  Felix Saure [Paessler Support]



Votes:

0

Confirmed that this sensor does not work when TLS 1.0 is disabled. The message "The underlying connection was closed.." is returned when run from the command prompt when testing against a server I just disabled TLS 1.0 on (TLS 1.1 and 1.2 are still enabled which is confirmed by chrome developer tools from my browser when connecting via HTTPS and further confirmed by https://www.ssllabs.com/ssltest/). It was working perfectly fine prior to the change and continues to work on other servers where TLS1.0 is still enabled.

I further tested by doing a netsh trace. A network capture shows the application making two attempts to complete a SSL handshake using TLS1.0 and then giving up instead of negotiating for TLS 1.1 or 1.2.

Support, you say that the sensor supports TLS 1.2 but I think you're mistaken. I would be happy to cooperate with someone from your side to get this resolved as we monitor many SSLs and the alternate SSL sensor in PRTG is not suitable (we do not create a separate site for every single SSL we monitor because we use this sensor to quickly identify which server the SSL resides on).

If anyone else has a custom python/vbscript/exe that plugs into PRTG sensor library, I'm confident others in the community would be eternally grateful, especially as migrating away from early TLS implementations becomes a higher priority (i.e. PCI Data Security Standard 3.1)

Thanks

Created on May 11, 2017 9:46:32 PM



Votes:

0

Dear Abolduc,

The old SSL Expiry sensor is deprecated and will not be updated anymore. The new PRTG sensor supports TLS 1.2 natively. You're right that it requires one device for every SSL check, this is by design and cannot be changed, sorry.

Best regards, Felix

Created on May 12, 2017 10:14:34 AM by  Felix Saure [Paessler Support]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.