Automating SSL Certificate Expiration Monitoring
By Ignacio Van Droogenbroeck / Jan 19, 2021 / InfluxDB, Community, Developer, InfluxDB Templates, Security
In my previous work experience, monitoring certificate validation was critical to our team. These certificates were used to sign commercial transactions between the payment gateway (us) and other providers. That check was manual and depended on the calendar of one person. So, if that person forgets to notify the team about the upcoming expiration of one certificate and doesn’t start the procedure of getting the new one, well, the platform starts to fail. This is what led me to create the x509 SSL Certificate Monitoring Template, an InfluxDB Template.
What happens when an x509 SSL certificate expires?
X.509 certificates have an expiration date. Once that date passes, your website and applications can stop working properly, and your users are presented with an alarming warning that the site’s security certificate has expired.
When a certificate expires, several things can happen. Your users will receive a message that your site is not secure. If yours is an e-commerce site, that can’t be good for business. Also, the certificates can be used to authenticate between systems and/or to sign commercial transactions.
One expired certificate means financial loss and bad customer experience. So one can just imagine the negative snowball effect of having many customers encounter several expired certificates.
How the X.509 SSL Certificate Monitoring Template works
To avoid certificate expiration, and the business disruption and undermined credibility it can cause, it is a best practice to check expiration dates on a regular basis. The X.509 SSL Certificate Monitoring Template does just that: it monitors SSL certificate expiration.
Like other InfluxDB Templates, this template lets you quickly define your entire monitoring configuration (data sources, dashboards, and alerts) in one easily-shared, open-source text file that can be imported into InfluxDB with a single command.
The template uses the x509 Telegraf plugin, and can handle many certificates at a time. It can be used in a corporate environment (for enterprises that handle a large number of certificates) to monitor certificates from a URL or directly in the certificate store. To install this template, sign up for your free InfluxDB Cloud account.
Free to use and simple to set up for your use case
This template can be used for free with an InfluxDB account. That’s one of the main advantages of using this template, and it’s very simple to set up and understand: there is no need to configure or write a script.
While alerting isn’t built into the template, it would be straightforward to set alerts using familiar technologies, given how well InfluxDB integrates with incident management systems, to get notifications before a certificate expires.
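As an added example (not part of the template or the original post), here is one way to turn the metrics collected by the x509 Telegraf plugin into the expiry alerts described above. The line-protocol samples are constructed, and the field names (`expiry` in seconds, `verification_code`), the thresholds, and the hostnames are assumptions.

```python
import re

# Constructed sample: line protocol shaped like Telegraf's x509_cert output.
# Assumed fields: expiry = seconds until notAfter, verification_code = 0 when
# the chain verified. Hosts and paths are placeholders.
SAMPLE = """\
x509_cert,common_name=pay.example.test,source=https://pay.example.test:443 expiry=7776000i,verification_code=0i 1611014400000000000
x509_cert,common_name=api.example.test,source=https://api.example.test:443 expiry=864000i,verification_code=0i 1611014400000000000
x509_cert,common_name=gw.example.test,source=https://gw.example.test:443 expiry=259200i,verification_code=0i 1611014400000000000
x509_cert,common_name=old.example.test,source=/etc/ssl/certs/old.pem expiry=-3600i,verification_code=1i 1611014400000000000
x509_cert,common_name=Signing\\ CA,source=/etc/ssl/certs/signing.pem expiry=2000000i,verification_code=0i 1611014400000000000
"""

def _split(text, sep):
    # Split on separators that are not backslash-escaped (line protocol rule).
    return re.split(r"(?<!\\)" + re.escape(sep), text)

def parse_line(line):
    head, fields, _timestamp = _split(line.strip(), " ")
    measurement, *tags = _split(head, ",")
    tag_map = dict(t.split("=", 1) for t in tags)
    field_map = {k: int(v.rstrip("i")) for k, v in
                 (f.split("=", 1) for f in _split(fields, ","))}
    return measurement, tag_map, field_map

def classify(expiry_s, verification_code, warn_days=30, crit_days=7):
    if expiry_s <= 0:
        return "expired"        # already past notAfter: outage in progress
    if verification_code != 0:
        return "untrusted"      # not expired, but the chain did not verify
    days = expiry_s / 86400
    if days <= crit_days:
        return "critical"
    return "warning" if days <= warn_days else "ok"

def check(lines, warn_days=30, crit_days=7):
    report = {}
    for line in filter(str.strip, lines.splitlines()):
        measurement, tags, fields = parse_line(line)
        if measurement != "x509_cert":
            continue
        status = classify(fields["expiry"], fields["verification_code"], warn_days, crit_days)
        report[tags["source"]] = (status, fields["expiry"] // 86400)
    return report

if __name__ == "__main__":
    for source, (status, days) in check(SAMPLE).items():
        if status != "ok":
            print(f"{status.upper():9} {source} ({days} days left)")
```

The warning threshold should be longer than the time your renewal procedure takes, so the alert fires while there is still time to obtain and deploy the new certificate.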
More security-related InfluxDB Templates
Other security-related InfluxDB Templates include:
- The Fail2ban Monitoring Template, which helps you determine whether there are more (or fewer) IP addresses that you might want to add to your block list.
- The Endpoint Security State Template, which can be used to monitor certificates and authentication of specific endpoints.
Want more security-themed premade dashboards? Most InfluxDB Templates are community-contributed, so you could be the one to build the next template (and we’ll share it with the community in an article like this one)! Here’s how to build and submit your own InfluxDB Template.