KBI 312032 Enhancement: New Rule Category SSL Certificate Rule In Argent Omega Baseline

Version

Argent Omega 2.2A-2301-A and above

Date

Wednesday, 28 December 2022

Summary

Argent Omega Baseline offers SSL Certificate Rules which constantly checks the validity of your SSL certificates, no matter what protocol you have employed. With the aid of our SSL Certificate Rules, monitor SSL certificate expirations to ensure that your web servers never go down to unsafe and insecure connections over expired SSL certificates.

Technical Background

Since many SSL certificates could be distributed across an organization, it can be difficult to track certificate expiry manually. Monitor SSL certificate expiration to renew them on-time. Reduce operational cost and time by automatically monitoring multiple SSL certificates.

Use SSL Certificate Rules to monitor the certificates of different SSL services. This Rule category provides the Rules for monitoring the SSL certificates of the following SSL services:

• Corba SSL

• IEEE-MMS-SSL

• HTTPS

• FTPS

• IMAPS

• POP3S

• SMTPS

• Custom TCP SSL Port

• LDAP over SSL (LDAPS)

• NNTP over SSL

• Windows RDP

• Openfiler

• VMware Authentication Daemon



Click For Full Size

Rule definition:



Click For Full Size

The SSL Mode determines how the SSL negotiation to be started. It can be any one of the following:

Automatic: If the remote port is set to the standard plaintext port of the protocol, the component will behave the same as if SSL Start Mode is set to Explicit. In all other cases, SSL negotiation will be Implicit.

Implicit: The SSL negotiation will start immediately after the connection is established.

Explicit: The component will first connect in plaintext, and then explicitly start SSL negotiation through a protocol command.

Choose the SSL Service type from SSL Service combo box.

Check option Alert If Certificate Is Not Issued By SSL Digital Certificate Authority to Alert if the certificate of the selected SSL service was not issued by SSL Digital Certificate Authority.

Check option Alert If Certificate Has Expired to Alert if the server certificate of the selected SSL service has expired.

Check option Alert If Certificate Will Expire In nnn Days to Alert if the server certificate has expired or will expire within specified number of days.

Resolution

Upgrade to Argent Omega 2.2A-2301-A or above