You may think that SSL problems are very rare and that SSL certificates always get renewed in time. Sadly, these problems occur more frequently than you think. A high workload or bad internal communication can be enough to miss a vital SSL renewal deadline. In February 2020, Microsoft failed to renew a certificate of Microsoft Teams in time, resulting in downtime for multiple hours. In December 2018, Ericsson had a massive network outage resulting in millions of smartphones going offline due to an expired certificate.
SSL Monitoring is not just for websites, but also for API endpoints. Website problems usually get noticed quicker because a site is always visible. API endpoints are a different story. If the SSL certificate of the API endpoint that is used by your website, webshop or application expires or has a wrong SSL configuration, your application will not work as expected. By adding monitoring to all those endpoints, you are confident that they are all in a healthy condition and you get notified before your certificates are expired.
Get alerted before your certificate is expired
When your SSL certificate is expired, all browsers will refuse to load your website and will show an intimidating error. It is better to get alerted before it comes this far. Certificates are always valid for a defined period, going from a few months, like Let's Encrypt up to a few years for manually generated licenses.
When you manage your certificates manually, you may miss an expiration date. Semonto helps you keep an eye on your certificates and alerts you when you forgot to renew them.
If you are using an automatic renewal service, the renewal process of your certificate can still fail, for example, due to a configuration error. Make sure you are aware of any renewal issues before your website is offline for everyone.
Check the full SSL chain
Every SSL certificate is signed by a different certificate, up to the root certificate, which is self-signed. This root certificate has to be from a trusted certificate authority (CA) and needs to be trusted by all computers. Semonto SSL Monitoring will verify all certificates in the chain and check whether they are all valid and trusted. An SSL chain can become invalid when one of the certificates in the chain is expired, when they are in the wrong order, or if one of the certificates is not trusted. Semonto will monitor all of this for you and alert you when issues arise.
Verify revocation list
All certificates can be revoked at any time by the CA that signed the certificate. This revocation is done via the certificate revocation list (CRL) and Online Certificate Status Protocol (OCSP). Certificates will be revoked when abuse is reported. If a root certificate or intermediate certificate in the chain gets revoked, it will break the SSL chain, and your SSL certificate will become invalid. Semonto will verify your SSL certificate and the chain certificates via the OCSP and alert you when your chain is invalid due to a revoked certificate.
Available on all plans
The HTTPS SSL & TLS Monitoring feature is now available on all our plans. By default, the HTTP Ping Latency test will perform a basic HTTPS test and warn you before your SSL certificate is about to expire. You can also enable more advanced SSL/TLS tests for your server and deeply verify your SSL chain at all times.