What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

Multible selfsigned and public trustet certificate monitoring

Votes:

0

Hello, follow challenge i have to solve.

We have on a server 3 certifcates activ, 2 selfsigned and 1 public trusted.
the sefsigned has CN & SNI name like "server1.domain.com" & "server2.domain.com"
the public trusted has a CN & SNI name like "*.domain.com"

The monitorining of the selfsigned certificate are no problem with the certificate sensor of PRTG but i found no way to monitor the public trusted.
From my point of view is the wildcard in the CN "*.domain.com" the problem... the sensor use everytime the shortest mach. In my case the certificate "server1.domain.com"

Is there a way to select more then one criteria or certificates or make some exclusions on the SNI name?

Many thanks

Christof

certificates multiple-certificates ssl-certificate

Created on May 4, 2021 9:18:52 AM

Last change on May 4, 2021 9:48:06 AM by Felix Wiesneth [Paessler Support]



3 Replies

Votes:

0

Hello, are you able to enter the specific certificate name instead of using the wildcard? Creating separate SSL Certificate sensors, one for each certificate that you want to monitor. Or if needed create a separate device with a different IP address in case the public trusted uses a different IP.

Created on May 7, 2021 5:24:07 AM by Jonathan Mena [Paessler Technical Support]



Votes:

0

Hello Jonathan, if i use an specific certificate name the necessary certificate is monitored correct. The challenge is that we have on the same server with the same IP-adress a wildcard certificate, like "*.domain.com" and if i setup monitoring for this certificate the sensor takes every time one of the named certificates, like "server1.domain.com".

If i understand this sensor correct I can only setup the SNI Name of the certificate and can mark a validation for CN & SAN Name. Can i define some more points to check? Helpfully for me would be the name of the certificate authority.

Many thanks Christof

Created on May 17, 2021 12:53:49 PM



Votes:

0

Christof, unfortunately at the moment we don't have a way to define any detailed criteria on these sensors.

Created on May 19, 2021 11:54:29 PM by Jonathan Mena [Paessler Technical Support]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.