What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

SSL certificate expiration

Votes:

0

We upgraded our monitor to version 16.3.25.6124+

In this version, the sensor HTTP SSL certificate expiration has been replaced by SSL certificate Sensor. The HTTP SSL certificate expiration sensor worked fine without any problems.

But when I use this new sensor SSL certificate I get the following error:

Failed to establish secure connection [Step 0] Socket Error # 11004 [Step 1] Socket Error # 11004 [Step 2] Socket Error # 11004 [Step 3] Socket Error # 11004 [Step 4] Socket Error # 11004

One of the sites I'm trying to monitor with this new sensor is https://www.zenito.be I tried using the IP address, address with(out) http(s) or www

The server on which the sensor is installed can access the site.

Can you help me?

new-software-version ssl-certificate sslcertexpiration

Created on Sep 15, 2016 8:34:16 AM

Last change on Sep 15, 2016 8:53:54 AM by Luciano Lingnau [Paessler]



2 Replies

Accepted Answer

Votes:

0

Hello and thank you for your post.

Please note that the HTTP SSL Certificate Expiry was recently deprecated. You should now use the new "SSL Certificate Sensor", which has the same/more capabilities and supersedes the old sensor. The new sensor is also more performant and less error-prone.

Please be aware that this sensor works a bit differently from the old one. As were the old 'HTTP SSL Certificate Expiry' could be placed on any device and monitor any URL, the new sensor will always query it's parent device, which 'fits nicely' with PRTG's concept of sensors x devices. This also increases the sensor's compatibility with the Auto-Discovery.

Deployment

For instance, to monitor the certificate for https://www.zenito.be the device's address must be the FQDN www.zenito.be for best results. (It could also be the IP, but to cope with changing IP's the FQDN is the best option).

While deploying the sensor on the newly created device you will only need to enter a port (For HTTS, usually 443, default).

Should this FQDN/Server be able to provide multiple SSL Certificates (trough Server Name Indication) this can also be configured within the sensor's settings. In this case use multiple sensors with different SNI's to query multiple certificates from the same device.

I've tested the mentioned URL/FQDN with PRTG 16.3.25.6124 and I'm able to confirm that the sensor is working. Please let me know if the new sensor works for you.

Explanation

Conceptually using URL's for this sensor didn't make much sense, since the SSL Configuration is always defined for the whole webserver/ip/socket, and all sub-pages of the website will be provided by the same webserver/ip/socket. The new sensor doesn't use HTTP Requests but does a low-level SOCKET connection, making this sensor compatible not only websites that use SSL but with any socket that implements SSL, example: SMTPS, POP3S, 3rd-party protocols with SSL.

More

Here's a second example of the SSL Certificate Sensor's usage:

Best Regards,
Luciano Lingnau [Paessler Support]

Created on Sep 15, 2016 9:05:06 AM by Luciano Lingnau [Paessler]

Last change on Feb 16, 2018 9:27:22 AM by Luciano Lingnau [Paessler]



Votes:

0

Jeah, I see now. Yep, that works, thnx!!

Created on Sep 15, 2016 9:19:35 AM




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.