Discovering Virtual Hosts for ssl certificate monitoring

  • StefanK
    Junior Member
    • Jan 2023
    • 22

    #1

    Discovering Virtual Hosts for ssl certificate monitoring

    Hi All

    I'm trying to find a way to monitor the SSL certs of all my virtual hosts but I'm having no luck. Is there any way to auto-discover all of them and have the SSL cert template give me info for all of them?

    Thanks for the help
  • LenR
    Senior Member
    • Sep 2009
    • 1005

    #2
    How do your hosts use these certificates? I thought about this for years, but in our environment, there were too many variables. A host could have an SSL cert for a web site matching its hostname, it could have a cert for a vanity DNS name, or it could have MANY certs for something like Apache virtual hosting.

    Does your cert renewal tool have an API? It might be better to catch them administratively: when a cert is created for a host, use the Zabbix API to set up monitoring. BUT, just monitoring when something else thinks a cert is good doesn't work if the cert then isn't properly installed on the target host.

    And I didn't even consider Windows.....

    If all your hosts did something like put the cert in the same place, with the same name, maybe. But IMHO, unless you get the cert info via a tcp check to the service, you aren't really monitoring what is sent.


    • MickeyPM
      MickeyPM commented
      Thanks.
      Our goal is the Apache Virtual host DNS monitoring. Each vhost DNS and its related certificates should be checked.
      These are customer servers, and we do not have access to any of the cert renewal tools and their APIs, so we need to check the installed certs for each vhost defined.
  • StefanK
    Junior Member
    • Jan 2023
    • 22

    #3
    I'm pretty sure they are Apache virtual hosts

    • MickeyPM
      Junior Member
      • Apr 2020
      • 13

      #4
      We are monitoring various customer hosts, primarily running Apache.
      On these hosts, various virtual hosts (one or multiple), each with its specific DNS names and SSL certificates, are added, deleted or updated on an ongoing basis.
      The objective is to use the Zabbix agent to execute a discovery rule to return all the defined virtual hosts.
      And then the Zabbix agent uses the DNS name to retrieve the certificates and check the validity of these.
      There can also potentially be virtual hosts for various domain names on the same server.
      This check should not be done from the Zabbix server as some of these DNS records are internal to the customer infrastructure and not always exposed to the DMZ network, where the Zabbix server is hosted.

      [my-user@my-customer:tmp]# apachectl -S
      VirtualHost configuration:
      xxx.xxx.xxx.xxx:443 is a NameVirtualHost
      default server test.my-customer.com (/usr/sys_data/vhosts/virtualhosts_test.conf:3)
      port 443 namevhost test.my-customer.com (/usr/sys_data/vhosts/virtualhosts_test.conf:3)
      port 443 namevhost uat.my-customer.com (/usr/sys_data/vhosts/virtualhosts_test.conf:63)
      port 443 namevhost dev.my-customer.com (/usr/sys_data/vhosts/virtualhosts_test.conf:123)
      port 443 namevhost test.other-domain.com (/usr/sys_data/vhosts/virtualhosts_test.conf:123)
      *:443 test.my-customer.com (/etc/httpd/conf.d/ssl.conf:40)
      Last edited by MickeyPM; 06-02-2023, 11:46.
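
An added example, not written by anyone in this thread: one way to do what post #4 describes on the monitored host itself, by turning `apachectl -S` output into a JSON array of discovery rows and then checking each vhost's served certificate with a TLS handshake that sends the vhost name as SNI (the check over the wire that post #2 argues for). The macro names `{#VHOST}` and `{#PORT}`, the `discover`/`days` subcommands and the sample address are assumptions; wiring the script into the agent is left out.

```python
import json, re, socket, ssl, subprocess, sys, time

# Constructed sample, modeled on the `apachectl -S` output quoted in post #4.
SAMPLE = """VirtualHost configuration:
192.0.2.10:443 is a NameVirtualHost
default server test.my-customer.com (/usr/sys_data/vhosts/virtualhosts_test.conf:3)
port 443 namevhost test.my-customer.com (/usr/sys_data/vhosts/virtualhosts_test.conf:3)
port 443 namevhost uat.my-customer.com (/usr/sys_data/vhosts/virtualhosts_test.conf:63)
port 443 namevhost dev.my-customer.com (/usr/sys_data/vhosts/virtualhosts_test.conf:123)
port 443 namevhost test.other-domain.com (/usr/sys_data/vhosts/virtualhosts_test.conf:123)
*:443 test.my-customer.com (/etc/httpd/conf.d/ssl.conf:40)
"""

# "port N namevhost NAME (file:line)" or "ADDR:N NAME (file:line)"; the name
# charset is restricted so nothing unexpected ends up in an item key.
VHOST_RE = re.compile(
    r"^\s*(?:port (\d+) namevhost|\S+:(\d+))\s+([A-Za-z0-9.-]+)\s+\(")

def parse_vhosts(text):
    """Return sorted, de-duplicated (name, port) pairs from `apachectl -S`."""
    found = set()
    for line in text.splitlines():
        m = VHOST_RE.match(line)
        if m:
            found.add((m.group(3).lower(), int(m.group(1) or m.group(2))))
    return sorted(found)

def lld_json(vhosts):
    """Low-level discovery rows; the macro names here are assumptions."""
    return json.dumps([{"{#VHOST}": n, "{#PORT}": str(p)} for n, p in vhosts])

def cert_days_left(name, port, timeout=5.0):
    """Resolve and connect to `name` from this host, send it as SNI, and
    return whole days until the served certificate's notAfter. Raises
    ssl.SSLError/OSError when the chain, name, or dates do not validate."""
    ctx = ssl.create_default_context()
    with socket.create_connection((name, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=name) as tls:
            not_after = tls.getpeercert()["notAfter"]
    return int((ssl.cert_time_to_seconds(not_after) - time.time()) // 86400)

if __name__ == "__main__":
    if sys.argv[1:2] == ["discover"]:
        # Some httpd builds write the vhost dump to stderr, so read both.
        run = subprocess.run(["apachectl", "-S"], capture_output=True, text=True)
        print(lld_json(parse_vhosts(run.stdout + run.stderr)))
    elif len(sys.argv) == 4 and sys.argv[1] == "days":
        print(cert_days_left(sys.argv[2], int(sys.argv[3])))
```

`apachectl -S` lists plain-HTTP vhosts as well, so on a host that also serves port 80 the discovery rows need filtering to the TLS ports before the check runs against them.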
