Discover and Monitor Your SSL Certificates

Cert Checker discovers, catalogues, and monitors certificates across your organisation.

Why Cert Checker?

Automated discovery of SSL certificates across the enterprise network
Automatic certificate expiry alerts and detailed reports
Fast scanning by IP ranges or hosts file
Used by different sectors from Financial Institutions to Hosting Companies

The screenshot below shows one way to view the results of a certificate discovery scan. scan results

REQUEST A FREE TRIAL

Key Features

Cert Checker offers many features including:

Continuous SSL certificate monitoring - not just for HTTPS
Scans your networks by IP ranges or hosts file
Lets you specify which ports / port ranges should be checked
Detects all types of SSL certificates (OV, DV, EV, self-signed etc) from all CAs
Automated alerts to multiple contacts
Detailed certificate reporting
Results can be written to an SQL database
Supports many protocols including: HTTP/S, LDAP/S, POP3/S, IMAP/S, SMTP/S
Runs automatically using the Windows Scheduler
Windows and Linux versions available.

Key Benefits

Red Kestrel's Cert Checker benefits your organisation by:

Automating certificate inventory
Supporting business continuity through timely certificate renewal
Reducing certificate management overhead
Reducing your organisation's risk of non-compliance

Running Cert Checker in a Console Window

The screenshot below shows the Cert Checker output when run from the console.

certchecker console

More About What Cert Checker Does

Like a passport or driving licence, an SSL certificate has a validity period. When a CA issues a certificate, it includes an expiration date. The certificate's expiration date is normally one or two years from the date of issue. To ensure that a certificate remains valid, it must be renewed with a CA prior to its expiration date. When an organisation has many certificates with different expiration dates issued from multiple CAs the task of managing them can become arduous and error-prone. Cert Checker can reduce the risk of a certificate being left to expire by periodically querying your servers and alerting you in good time when certificates need renewing.

Using an IP range or text file of hostnames, Cert Checker will report the expiration status of each certificate it finds. It provides detailed CSV reports of the certificate information collected; the report format is suitable for importing into other applications such as a spreadsheet or database. While running, Cert Checker can write certificate details to a DOS command window to provide feedback on its progress. In addition, alerts and a summary report can be emailed by Cert Checker to one or more recipients. Cert Checker can be run manually from a DOS command window or called periodically by the Windows Scheduler.

Cert Checker Reports

Each time Cert Checker runs, it writes the pertinent details of all the SSL certificates it has retrieved during the scan to a report. The certificate information can also be written to an SQL database and viewed using the Red Kestrel Cert Centre Lite product, which is included with this release.

certchecker report

The report contains important information including whether the certificate has expired or is close to expiration. By scanning down the ExpiryStatus column of a report, you can quickly get a handle on the status of all your certificates. You can configure the number of days before certificate expiry the status in the report changes from OK to EXPIRING. The table below provides a description of each of the fields from the report.

Field Heading		Description
Hostname		A hostname or IP address indicating the target host.
Port		The TCP port used to communicate with the remote server.
Issuer		A Distinguished Name defining the entity that issued the certificate
Subject		A Distinguished Name defining the entity associated with the certificate
Signature Algorithm		The algorithm used to sign the certificate. Lets you identify the presence of insecure algorithms, such as MD5.
Key Size		The RSA key size (bits)
NotBefore		The date the certificate becomes valid.
NotAfter		The date after which the certificate is no longer valid.
DaysTillExpiry		The number of complete days before the certificate expires
Certificate		The certificate (PEM Formatted)
ExpiryStatus		One of the following: OK, EXPIRING, EXPIRED, ERROR

Table 1. Certificate Report Fields

REQUEST A FREE TRIAL

TRY IT FOR FREE

REQUEST FREE TRIAL

Feedback

What people are saying about Cert Checker:

"Wonderful tool, very easy to use and configure"
-- Didier Derck
(Toyota Europe)

"Your assistance and software is greatly appreciated"
-- Chris Goosen CIO
( H&K )

"Works very well and helps us keep a close eye on all SSL renewals"
-- Jacob Colton
(Catalyst2 Web Hosting)

"...works like a charm!! Exactly what we are looking for!"
-- Tashiel Bhairo