SSL Certificate Monitoring

LogicMonitor provides monitoring for SSL certificates across a range of common ports. With a focus on diagnosing chain validity and expiry, these modules are a useful part of your toolkit for anticipating and resolving certificate errors.

Compatibility

  • LogicMonitor uses standard Java-based SSL checks that should be equivalent to those of most modern browsers or applications.
  • The modules in this monitoring package work with all common certificate types.

Setup Requirements

This monitoring package requires that the Collector has network access to the ports that will be tested (such as port 433).

Add Resources into Monitoring

Add hosts that make use of SSL certificates (HTTPS servers, etc.) into monitoring. For more information on adding resources into monitoring, see Adding Devices.

Import LogicModules

From the LogicMonitor public repository, import all SSL Certificate LogicModules, which are listed in the LogicModules in Package section of this support article. If these LogicModules are already present, ensure you have the most recent versions. Data collection will automatically start once the LogicModules are imported.

Troubleshooting

  • Failures in certificate chains are often difficult to diagnose. We suggest you start by using the included SSL_Certificate_Chains module to identify which part of the chain is failing using the “Certificate Issues” and “Expiry Time” graphs.
  • When an issue is found on a certificate within the chain, use the thumbprint to identify the matching certificate within your environment and attempt to resolve the issue.
  • If an issue is reported on a thumbprint you can confirm is no longer part of the chain, there is a possibility your web server has cached this chain and should be restarted or updated.
  • Before contacting support, it is useful to cross-check LogicMonitor with your web browser of choice to confirm the same thumbprints are being returned.
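
The thumbprint cross-check described above can also be done from a shell. The following is an added example, not LogicMonitor's own code: it lists the thumbprint and expiry state of every certificate in a PEM bundle. The function names, the SHA-256 thumbprint algorithm and the 30-day warning window are assumptions, and the sample bundle is constructed at run time from throwaway self-signed certificates.

```sh
#!/bin/sh
# Assumption: thumbprints are compared as SHA-256 over the DER certificate;
# replace -sha256 with -sha1 if the tool you compare against shows SHA-1.

# make_sample_bundle OUT: constructed input, two throwaway self-signed
# certificates (365-day and 5-day lifetimes) concatenated into one PEM file.
make_sample_bundle() {
    work=$(mktemp -d) || return 1
    for days in 365 5; do
        openssl req -x509 -newkey rsa:2048 -nodes -days "$days" \
            -subj "/CN=constructed-$days.example" \
            -keyout "$work/key.pem" -out "$work/cert.pem" 2>/dev/null || return 1
        cat "$work/cert.pem"
    done > "$1"
    rm -rf "$work"
}

# chain_report BUNDLE [WARN_DAYS]
# Prints "<position> <thumbprint> <OK|EXPIRING> <notAfter>" per certificate.
chain_report() {
    warn_days=${2:-30}
    tmp=$(mktemp -d) || return 1
    # Split the bundle into one file per certificate: cert.1, cert.2, ...
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert." n }
        out != "" { print > out }
        /-----END CERTIFICATE-----/ { close(out); out = "" }
    ' "$1"
    i=1
    while [ -f "$tmp/cert.$i" ]; do
        c="$tmp/cert.$i"
        fp=$(openssl x509 -in "$c" -noout -fingerprint -sha256 | sed 's/.*=//; s/://g')
        end=$(openssl x509 -in "$c" -noout -enddate | sed 's/^notAfter=//')
        # -checkend exits non-zero if the certificate expires within N seconds.
        if openssl x509 -in "$c" -noout -checkend $((warn_days * 86400)) >/dev/null
        then state=OK
        else state=EXPIRING
        fi
        echo "$i $fp $state $end"
        i=$((i + 1))
    done
    rm -rf "$tmp"
}

# Usage: sh chain_report.sh bundle.pem [warn_days]
if [ -n "${1:-}" ]; then chain_report "$@"; fi
```

To check a live host, save the output of `openssl s_client -connect HOST:PORT -servername HOST -showcerts </dev/null` to a file and pass that file as the bundle; text outside the PEM markers is ignored. A thumbprint that appears here but not in your current certificate store points to the stale cached chain case described above.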

LogicModules in Package

LogicMonitor’s package for SSL Certificates consists of the following LogicModules. For full coverage, please ensure that all of these LogicModules are imported into your LogicMonitor platform.

| Display Name | Type | Description |
|---|---|---|
| Device_BasicInfo | PropertySource | Extracts basic information from Linux and Windows hosts. Applies to on-prem/cloud device types with an assigned collector. Specific to this suite, detects open SSL ports and assigns them to auto.network.listening_ssl_ports. |
| SSL_Certificates | DataSource | Monitors SSL validity information across all common SSL ports. This module provides an overview of the entire chain and if it would appear valid to an external browser or application. |
| SSL_Certificate_Chains | DataSource | Monitors SSL chains across all common SSL ports. This module does not alert by default, but instead offers a more detailed view of the entire chain in order to assist in more detailed diagnostics when an issue is identified by other modules in the package. |

When setting static datapoint thresholds on the various metrics tracked by this package’s DataSources, LogicMonitor aims to alert on potentially damaging issues while only showing minor issues within reported metrics. If necessary, we encourage you to adjust these predefined thresholds to meet the unique needs of your environment. For more information on tuning datapoint thresholds, see Tuning Static Thresholds for Datapoints.
