SSL Certificate Expiry Monitor

Built for people who manage SSL certificates

We have developed a product, called Cert Checker, that is an easy to use SSL certificate management tool that monitors for SSL certificate expiry and issues alerts when certificates need renewing:

certchecker console

Retrieves your SSL certificates
Checks if certificates are approaching expiry or have expired
Sends certificate renewal alerts
Provides detailed reports
Supports many protocols including: POP3/S, IMAP/S, SMTP/S and HTTP/S

Overview

Like a passport or driving licence, an SSL certificate has a validity period. When a CA issues a certificate, it includes an expiration date. The certificate's expiration date is normally one or two years from the date of issue. To ensure that a certificate remains valid, it must be renewed with a CA prior to its expiration date. When an organisation has many certificates with different expiration dates issued from multiple CAs the task of managing them can become arduous and error prone. Cert Checker can reduce the risk of a certificate being left to expire by periodically querying your servers and alerting you in good time when certificates need renewing.

Cert Checker is a pure .NET console application. Using a list of hostnames and port numbers as input, Cert Checker will report the expiration status of each certificate it finds. It provides detailed CSV reports of the certificate information collected; the report format is suitable for importing into other applications such as a spreadsheet or database. While running, Cert Checker can write certificate details to a DOS command window to provide feedback on its progress. In addition, alerts and a summary report can be sent to one or more email recipients. Cert Checker can be run manually from a DOS command window or called periodically by the Windows Scheduler.

Cert Checker Reports

Each time Cert Checker runs, it writes the pertinent details of all the SSL certificates it has retrieved during the scan to a report.

certchecker report

By scanning down the ExpiryStatus column of a report you can quickly get a handle on the status of all your certificates. You can configure the number of days before certificate expiry the status in the report changes from OK to EXPIRING. The table below provides a description of each of the fields from the report.

Field Heading		Description
Hostname		A hostname or IP address indicating the target host.
Port		The TCP port used to communicate with the remote server.
Subject		A Distinguished Name defining the entity associated with this certificate
NotBefore		The date the certificate becomes valid.
NotAfter		The date when the certificate is no longer valid.
DaysTillExpiry		The number of complete days before the certificate expires.
ExpiryStatus		One of the following: OK, EXPIRING, EXPIRED, ERROR

Table 1. Certificate Report Fields

Try Cert Checker

Download Trial

Contact Us

Please don't hesitate to contact us if you have any questions or feedback.