Hello, I have the following challenge to solve.

We have 3 certificates active on a server: 2 self-signed and 1 publicly trusted.
The self-signed ones have CN & SNI names like "server1.domain.com" & "server2.domain.com".
The publicly trusted one has a CN & SNI name like "*.domain.com".

Monitoring the self-signed certificates is no problem with the certificate sensor of PRTG, but I found no way to monitor the publicly trusted one.
From my point of view, the wildcard in the CN "*.domain.com" is the problem... the sensor uses the shortest match every time. In my case, the certificate "server1.domain.com".

Is there a way to select more than one criterion or certificate, or to make some exclusions on the SNI name?

Many thanks

Christof


Article Comments

Hello, are you able to enter the specific certificate name instead of using the wildcard? Creating separate SSL Certificate sensors, one for each certificate that you want to monitor. Or if needed create a separate device with a different IP address in case the public trusted uses a different IP.


May, 2021 - Permalink

Hello Jonathan, if I use a specific certificate name, the necessary certificate is monitored correctly. The challenge is that we have a wildcard certificate like "*.domain.com" on the same server with the same IP address, and if I set up monitoring for this certificate, the sensor takes one of the named certificates, like "server1.domain.com", every time.

If I understand this sensor correctly, I can only set up the SNI name of the certificate and can mark a validation for CN & SAN name. Can I define some more points to check? The name of the certificate authority would be helpful for me.

Many thanks Christof


May, 2021 - Permalink

Christof, unfortunately at the moment we don't have a way to define any detailed criteria on these sensors.


May, 2021 - Permalink
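
The checks asked for in this thread (which certificate is served for a given SNI name, and which certificate authority issued it) can be made outside the sensor. The following is an added example, not part of any post above and not PRTG functionality: it sends an explicit SNI name, then verifies CN/SAN, issuer and remaining lifetime. The SNI name `monitor.domain.com`, the CA name "Example Public CA" and both sample certificates are constructed placeholders.

```python
import socket
import ssl
import time

def fetch_cert(host, sni, port=443, timeout=10):
    """Handshake with an explicit SNI name; return the validated leaf certificate."""
    ctx = ssl.create_default_context()  # verifies chain and hostname against the trust store
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni) as tls:
            return tls.getpeercert()

def _dn(rdns):
    # getpeercert() encodes a DN as a tuple of RDNs, each a tuple of (key, value) pairs
    return {key: value for rdn in rdns for key, value in rdn}

def check_cert(cert, expected_name, issuer_contains, now=None):
    """Return (ok, days_left, detail) for a dict in getpeercert() format."""
    now = time.time() if now is None else now
    cn = _dn(cert.get("subject", ())).get("commonName")
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    issuer = " ".join(_dn(cert.get("issuer", ())).values())
    days_left = int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)
    if expected_name != cn and expected_name not in sans:
        return False, days_left, "wrong certificate served: CN=%s" % cn
    if issuer_contains.lower() not in issuer.lower():
        return False, days_left, "unexpected issuer: %s" % issuer
    return True, days_left, "ok"

# Constructed sample certificates in getpeercert() format (not real data).
SAMPLE_WILDCARD = {
    "subject": ((("commonName", "*.domain.com"),),),
    "issuer": ((("organizationName", "Example Org"),),
               (("commonName", "Example Public CA"),)),
    "notAfter": "Jun  1 12:00:00 2021 GMT",
    "subjectAltName": (("DNS", "*.domain.com"), ("DNS", "domain.com")),
}
SAMPLE_NAMED = {
    "subject": ((("commonName", "server1.domain.com"),),),
    "issuer": ((("commonName", "server1.domain.com"),),),  # self-signed
    "notAfter": "Jun  1 12:00:00 2021 GMT",
    "subjectAltName": (("DNS", "server1.domain.com"),),
}
SAMPLE_NOW = ssl.cert_time_to_seconds("May  2 12:00:00 2021 GMT")

if __name__ == "__main__":
    # Live use (hypothetical SNI name): fetch_cert("server1.domain.com", "monitor.domain.com")
    for cert in (SAMPLE_WILDCARD, SAMPLE_NAMED):
        print(check_cert(cert, "*.domain.com", "Example Public CA", SAMPLE_NOW))
```

With the default context, a self-signed certificate that is not in the monitoring host's trust store fails the handshake in `fetch_cert` before `check_cert` runs, which is itself a signal that the wrong certificate was served.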