|
|
|
|
|
|
by podge
1596 days ago
|
|
|
This looks nice, particularly the automatic discovery. Any monitoring system I've ever worked with can check for expired certificates. So usually the issue at previous jobs has been either there is no monitoring system (time to set one up!) or no SSL expiry checks are configured in the existing system (usually relatively straightforward to add manually or automate). I think I'd struggle to justify using yet another external service to cover that particular type of check. |
|
|
The thing here is that you don't have to keep updating the app with every new host you create that needs to be monitored. CT allows me to detect newly issued certs in your domain, and start monitoring them without manual work on your behalf. And if you issue a cert with a hostname that doesn't yet have a DNS record, the app won't complain - no host means no live cert that can expire :)
Caveat - I have yet figured out how to apply this automated discovery for orgs that use wildcard certs... Suggestions are welcome :)