SSL certificates are vital for ensuring secure communication between systems and client applications. Monitoring certificate expiry is crucial to maintain uninterrupted connectivity. Autopilot can be configured to monitor SSL certificate expirations by utilizing the Process Wrapper feature and custom scripts.
Overview
You can track SSL certificate expiration dates across various systems by leveraging Autopilot’s ability to collect and visualize facts. This setup involves:
- Deploying a Process Wrapper on the Autopilot.
- Running custom shell scripts to query SSL certificates.
- Publishing certificate expiry information as facts.
Setup and Configuration
Step 1: Deploy the Process Wrapper
Follow the instructions in the Autopilot Admin User Guide (Chapter 4.5.3 & 4.5.4) to deploy and configure the Process Wrapper. Ensure it is correctly set up to receive facts from the monitoring scripts.
Step 2: Script Overview
The solution utilizes two shell scripts:
- keytool_cert_expiry_loop.sh: Runs in the background, periodically initiating the main script to check certificate expiry.
- keytool_cert_expiry.sh: Parses the output of the certificate command and sends the expiry data as facts to Nastel Autopilot.
Step 3: Script Configuration
Edit the following parameters in the keytool_cert_expiry_loop.sh script:
- Hostname and Port to match your Autopilot environment.
- Keystore Path and Password to access your SSL certificates.
Step 4: Script Execution
Run the script in the background using the following command:
/keytool_cert_expiry_loop.sh &
This script checks for certificate expirations every 24 hours and publishes the remaining days as facts to Autopilot.
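The parsing and day-count step described for keytool_cert_expiry.sh can be sketched as follows. This is an added example, not the Nastel script: it assumes English-locale `keytool -list -v` text and GNU date, the function name and the `alias|expiry_date|expiry_days_left` output layout are hypothetical, and publishing to the Process Wrapper is left out because the fact format is not shown here.

```shell
#!/bin/sh
# Added example (not the Nastel scripts): derive expiry_date and
# expiry_days_left from `keytool -list -v` text. Requires GNU date (-d).

# Constructed sample of English-locale `keytool -list -v` output.
SAMPLE_KEYTOOL_OUTPUT='Alias name: web-frontend
Entry type: PrivateKeyEntry
Owner: CN=web.example.test
Valid from: Wed Sep 11 04:44:00 UTC 2019 until: Fri Sep 11 04:44:00 UTC 2020
Alias name: internal-ca
Entry type: trustedCertEntry
Owner: CN=Example Test CA
Valid from: Mon Jan 01 00:00:00 UTC 2018 until: Sat Jan 01 00:00:00 UTC 2028'

# cert_expiry_facts NOW_EPOCH < keytool-output   (hypothetical helper)
# Prints "alias|expiry_date|expiry_days_left" per certificate. A key entry
# with a chain yields one line per chain certificate under the same alias.
# Days are floored, so an already expired certificate is negative, never 0.
cert_expiry_facts() (
  now=$1
  alias=unknown
  while IFS= read -r line || [ -n "$line" ]; do
    case $line in
      "Alias name: "*) alias=${line#Alias name: } ;;
      "Valid from: "*" until: "*)
        until_str=${line##* until: }
        # Unparseable dates (e.g. an ambiguous zone abbreviation) are
        # reported rather than silently published as a wrong number.
        if ! until_epoch=$(date -u -d "$until_str" +%s 2>/dev/null); then
          echo "WARN: cannot parse expiry for $alias: $until_str" >&2
          continue
        fi
        diff=$((until_epoch - now))
        days=$((diff / 86400))
        if [ "$diff" -lt 0 ] && [ $((diff % 86400)) -ne 0 ]; then
          days=$((days - 1))
        fi
        printf '%s|%s|%s\n' "$alias" "$until_str" "$days"
        ;;
    esac
  done
)

# Stand-alone run against the constructed sample, using the current time.
printf '%s\n' "$SAMPLE_KEYTOOL_OUTPUT" | cert_expiry_facts "$(date +%s)"
```

Against a real keystore, the function would read the output of `keytool -list -v` on stdin instead of the sample; a negative expiry_days_left is worth alerting on separately from a low positive value.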
Example Output
Once configured, the facts are published in Autopilot’s Expert (Process Wrapper) as shown below:
- expiry_date: 9/11/20 4:44 AM
- expiry_days_left: 353
(Refer to the image below for a visual representation.)
Conclusion
By integrating SSL certificate expiry monitoring into Autopilot, administrators can proactively manage expiring certificates and ensure continuous secure communication.
For further assistance, feel free to reach out to our support team.