This bundle shows you how to both monitor the expiry dates for SSL certificates and to set up reporting and alerts for those events.
- Download and apply the bundle.
- Locate the bundle you just downloaded and click Upload. The View Bundle window will appear.
- Review the Alerts, Triggers, Pages, and Groups. There should be one of each.
- In the Actions box, select Apply 1 included assignment and click Apply.
- Edit the Trigger to catch cert(s) you care about. By default, the trigger catches ALL certs. The line to edit is a regular expression and looks like this: var subjectsOfInterest = /./i;. To catch expiring certificates for foo.com or bar.com, use something like this: var subjectsOfInterest = /(foo.com|bar.com)/i;
- Optional. Edit the trigger to change the alerting window. By default, the trigger alerts when a cert is going to expire within 90 days. To edit the trigger, click Settings, click Triggers, and then click SSL Expiration Check. The line to edit is: var advanceDaysNotice = 90;
- Optional. Add email address(es) to receive alerts for soon-to-expire SSL certs. By default, alerts are NOT sent. To add a notification group, click Settings, click Admin, click Notifications, then click Email Groups.
- Edit the Alert. Look at (and modify) the following:
- Look at the Alert Settings tab, specifically, the Firing Mode section. Edge triggered means that the alert fires once. Level triggered means the alert fires every interval specfied.
- Look at Notifications section. Add the notification group here. If you created a custom email notification group above, you would add it here.
- Assign the custom page to the network(s) that you want to monitor. Click Networks then select a capture. Click the green plus next to Pages and add the SSL Expiration page. Note: Typically a top-level capture is used as it sees all VLANs being supplied to ExtraHop.
- Finally, assign the alert to the network(s) that you want to monitor for expiring SSL certificates. As with the previous step, click Networks and select a capture. Click the green plus next to Alerts and add the Expiring SSL Certificates alert.