I missed the intermediate part.
Paul Root - Engineer III
Managed Services Systems - CenturyLink
-----Original Message-----
From: xymon-bounces at xymon.com [mailto:xymon-bounces at xymon.com] On
Behalf Of Henrik Størner
Sent: Tuesday, October 25, 2011 9:35 AM
To: xymon at xymon.com
Subject: Re: [Xymon] monitoring intermediate ssl certs
On 25-10-2011 16:30, Larry Barber wrote:
We recently had some intermediate ssl certificates expire without
warning. Have any of you figured out a way to monitor these using
Xymon?
Not really possible, because intermediate certs need not be present on
the server where your own certificate is - it is sufficient that the
client accessing your https-server knows the intermediate (and root)
certificate. So there is no place for Xymon to fetch the intermediate
certificate.
However, I am surprised that you have a certificate which is issued
with
an expiry date *after* the intermediate certificate by which it was
signed. I assume that is the case - if not, then your own certificate
must have expired and Xymon will warn you about that!
So something doesn't sound right.
Regards,
Henrik
This communication is the property of CenturyLink and may contain confidential or privileged information. Unauthorized use of this communication is strictly
prohibited and may be unlawful. If you have received this communication
in error, please immediately notify the sender by reply e-mail and destroy
all copies of the communication and any attachments.