On 25-10-2011 16:30, Larry Barber wrote:
We recently had some intermediate ssl certificates expire without warning. Have any of you figured out a way to monitor these using Xymon?
Not really possible, because intermediate certs need not be present on the server where your own certificate is - it is sufficient that the client accessing your https-server knows the intermediate (and root) certificate. So there is no place for Xymon to fetch the intermediate certificate.
However, I am surprised that you have a certificate which is issued with an expiry date *after* the intermediate certificate by which it was signed. I assume that is the case - if not, then your own certificate must have expired and Xymon will warn you about that!
So something doesn't sound right.
Regards, Henrik