Platform

    Get real-time insights and automation for comprehensive, seamless monitoring with agentless architecture.

    Platform Overview
  • Infrastructure
    monitoring
  • Cloud monitoring
  • Digital experience
  • AIOPS

      • Solutions

      Whether you work in MSP, Enterprise IT or somewhere in between, the solution is clear.

      Solutions Overview
    By Initiative
    By Industry

      About us

      Get to know LogicMonitor and our team.

      About us
    Get to know us
    Connect
    Services

      Documentation

      Read through our documentation, check out our latest release notes, or submit a ticket to our world-class customer service team.

      View Resources
    Support

    Product Documentation

    SSL Certificate Monitoring

    Last updated on 30 May, 2023

    LogicMonitor monitoring for SSL Certificates across a range of common ports. With a focus on diagnosing chain validity and expiry, these modules are a useful part of your toolkit for anticipating and resolving certificate errors.

    Compatibility

    • LogicMonitor uses standard Java based SSL checks that should be equivalent to most modern browsers or applications.
    • The modules in this monitoring package work with all common certificate types.

    Setup Requirements

    This monitoring package requires access to ports that will be tested from the Collector (such as port 443).

    Add Resources into Monitoring

    Add hosts that make use of SSL certificates (HTTPS servers etc) into monitoring. For more information on adding resources into monitoring, see Adding Devices.

    Import LogicModules

    From the LogicMonitor public repository, import all SSL Certificate LogicModules, which are listed in the LogicModules in Package section of this support article. If these LogicModules are already present, ensure you have the most recent versions. Data collection will automatically start once the LogicModules are imported.

    Troubleshooting

    • Failures in certificate chains are often difficult to diagnose. We suggest you start by using the included SSL_Certificate_Chains module to identify which part of the chain is failing using the “Certificate Issues” and “Expiry Time” graphs.
    • When an issue is found on a certificate within the chain, use the thumbprint to identify the matching certificate within your environment and attempt to resolve the issue.
    • If an issue is reported on a thumbprint you can confirm is no longer part of the chain, there is a possibility your web server has cached this chain and should be restarted or updated.
    • Before contacting support, it is useful to cross-check LogicMonitor with your web browser of choice to confirm the same thumbprints are being returned.

    LogicModules in Package

    LogicMonitor’s package for SSL Certificates consists of the following LogicModules. For full coverage, please ensure that all of these LogicModules are imported into your LogicMonitor platform.

    Display NameTypeDescription
    Device_BasicInfoPropertySourceExtracts basic information from Linux and Windows hosts.
    Applies to on-prem/cloud device types with an assigned collector. Specific to this suite, detects open SSL ports and assigns them to auto.network.listening_ssl_ports.
    SSL_CertificatesDataSourceMonitors SSL validity information across all common SSL ports. This module provides an overview of the entire chain and if it would appear valid to an external browser or application.
    SSL_Certificate_ChainsDataSourceMonitors SSL chains across all common SSL ports. This module does not alert by default, but instead offers a more detailed view of the entire chain in order to assist in more detailed diagnostics when an issue is identified by other modules in the package.

    Note: Use the optional host property ssl.cert.monitor=false to exclude devices from SSL certificate monitoring.

    In This Article