Hello
i was wondering how will i add a SSL monitoring if the domain goes like this *.yoursdomain.com. I tried to added it and getting configuration error. Any suggestion and inputs is welcome. TIA!
You can add the monitor with an actual subdomain such as "www.example.com". If the certificate changes from "*.example.com" to something else, or even to a valid name such as "www.example.com", we will still alert you that the certificate has changed.
You need to provide an actual subdomain because the certificate can only be retrieved with an SSL connection to a the web server.
Wildcards (*) are not supported as far as I know.
This
would be a great option to add for certificate monitoring. Maybe
something you should post as a feature request.
It's technically impossible to monitor a wildcard domain. We need an actual domain name that resolves to an IP address so that we can connect to the server and retrieve the certificate.
This is worth revisiting for sure. You have the option to "Skip hostname verification", can we get an option to "verify hostname domain only"? This would not impact the domain name resolving to an IP address.
Hi,
Agreed, we are already in the plan of revisiting this.
We have planned on solving this in two ways:
1. Provision to provide the domain name alone, then we’ll be scanning all the sub-domains under it , then we’ll contact any one of the sub-domain to download and monitor the certificate .
2. Provision to import the SSL certificate directly , then run monitor on the imported certificate , this will avoid the need to resolve the provided hostname to IP.
Feel free to let us know if you have any concerns in the above to approaches as well.
We are currently exploring other possibilities as well, will let you know once this enhancement is released.
Regards,
-Muthu
Product Manager, Site24x7