On Wed, Jun 16, 2010 at 4:05 AM, Buchan Milne <user-9b139aff4dec@xymon.invalid>wrote:
On Tuesday, 15 June 2010 19:55:24 Cleaver, Japheth wrote:
I've been adding testing of https URLs into our system and noticed that
while the expiration date checking is nice, Xymon doesn't seem to be
checking testing the common name at all for validity (in the manner that
a
browser might).
But, surely this isn't something you need to monitor? I mean, if you update
a
cert, you'll check it yourself (also to ensure that your client software
has
the relevant CA cert etc. etc.).
I was once asked to set up cert monitoring to check the expiry date every
hour. The reason given was "in case we restore the server and bring back an
old cert"... The company estimated they'd lose $50k per hour if they
couldn't take bookings.
Ralph Mitchell