About SSL Checks
SSL provides the encryption for websites and other Internet services. SSL certificates are a key part of the encryption, and so they are an essential part of any ecommerce or business website that requires protection from eavesdropping and theft. Certificates are issued by the various certificate authorities to establish trust for the encryption. They verify the identity of the other end of the connection and provide credentials for the encryption. The certificates have expiration dates, and typically should be replaced before they expire to maintain safe encryption without an interruption.
When to use SSL Checks
NodePing's SSL checks are an important part of your secure server monitoring strategy. The check can be used to ensure the validity of your SSL certificates, ensure that your web servers are handling the certificate correctly, and warn you well before your certificates expire, giving you time to renew them.
Using SSL Checks
To set up an SSL check,
- Select SSL from the Check type drop down.
- Give it a friendly label to identify this check in lists and notifications.
- Set which geographical region you want the check to run from. The default is your account default region.
- Set how often you want the check to run on the Check Frequency field. Since SSL certificates are usually issued for 1-3 years, checking once a day is usually sufficient.
- Set the URL where the SSL certificate can be found. This is usually an HTTPS address such as 'https://example.com'. The default port is 443 but alternate ports are supported using the standard URL syntax such as 'https://example.com:8080'. If you use the 'CN/Subject/Alt Name' feature you can put the IP address in the URL like 'https://18.104.22.168/'
- Optionally set a FQDN in the 'CN/Subject/Alt Name' field. We'll send it in the SSL connection request. This is useful to check a certificate on an SNI enabled server. Example: myserver.nodeping.com. Wildcards in the FQDN are not supported.
- Optionally set the number of days in advance of certificate expiration you would like to be alerted. If you leave this blank, the check will fail once the certificate expires.
- Set a time out. The default 5 seconds works fine for most situations.
- Set the Sensitivity. High is usually appropriate.
- Set the notifications for this check. More information about notifications.
- To check that SSL certificates are signed by a valid certificate authority and match the domain.
- To receive an alert before SSL certificates expire.
SSLv3/TLS1.0 are not supported.
Certificate revocation/OCSP Stampling are not checked.
To verify a certificate is working on a back-end server to a CDN, set the IP address in the URL and the FQDN in the 'CN/Subject/Alt Name' field.