Monitoring SSL Certificates Expiry Dates for Subdomains

Overview

HTTPS is now ubiquitous on the internet. Google Security analysts reported that the vast majority of 2018 Chrome traffic occurs over the secure protocol, which was formerly relegated primarily to internet financial or security transactions and requires the exchange of validity credentials. Automate SSL certificate monitoring for expiry and errors with a programmatic solution that alerts upon certificate update or expiration.

Axibase Collector is a data collection tool written in Java which implements tasks to retrieve data from remote systems. One such task is the HTTP job. Use the HTTP job to query HTTPS endpoints with Collector, then pass the gathered information on for storage, processing, and alerting in ATSD.

The Comodo Group maintains the CRT Certificate Search database which tracks SSL certificates. The list includes active subdomains for each specified top domain.

Collector connects to each subdomain in the list and gathers SSL certificate details. The data is passed to ATSD, where it is analyzed using the rule engine. A rule sends alerts to a specified Slack channel when an SSL certificate is about to expire, as well as when it is replaced.

Tools

To obtain a free SSL certificate, refer to the Let's Encrypt Workshop.

  • ATSD Sandbox: a Docker image which runs ATSD and Axibase Collector instances.

Both tools are installed with a temporary license which can be renewed at the end of the 2-week trial period.

Procedure

Copy the launch command below to a command-line console.

  • Set the TOP_DOMAIN variable to the domain name to monitor, such as example.org.
  • Replace the {SLACK_TOKEN} placeholder in the SLACK_TOKEN variable with your Slack token.

ATSD Sandbox

Refer to ATSD Sandbox documentation for additional environment variables.

docker run -d -p 8443:8443 -p 9443:9443 -p 8081:8081 \
  --name=atsd-sandbox \
  --env TOP_DOMAIN=example.org \
  --env ATSD_IMPORT_PATH='https://raw.githubusercontent.com/axibase/atsd-use-cases/master/integrations/atsd-sandbox/monitor-ssl-expiry-dates/resources/ssl-certificates-files.tar.gz' \
  --env COLLECTOR_IMPORT_PATH='https://raw.githubusercontent.com/axibase/atsd-use-cases/master/integrations/atsd-sandbox/monitor-ssl-expiry-dates/resources/job_http_subdomains-ssl-certificates.xml' \
  --env SLACK_TOKEN={SLACK_TOKEN} \
  axibase/atsd-sandbox:latest

Monitor the launch process.

docker logs -f atsd-sandbox

ATSD sends a confirmation message to the specified Slack channel upon successful launch.

Test ATSD Notification

Sample Notifications

There are three types of notifications:

Initial Notification: Received upon successful sandbox launch.

Certificate expiry date set

Update Notification: Received when the SSL certificate expiry date is updated.

Certificate's expiry date set

Expiry Notification: Received when less than 30 days remain before SSL certificate expiration.

Expiration rule
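The per-subdomain check and the three notification types described above can be sketched in plain Python. This is an added example, not Axibase Collector or ATSD rule engine code: the function names, the `state` dictionary and the `"error: ..."` label are assumptions made for illustration, and the standard `ssl` module stands in for the HTTP job.

```python
import socket
import ssl
from datetime import datetime, timedelta, timezone

EXPIRY_THRESHOLD = timedelta(days=30)  # page: alert when less than 30 days remain


def fetch_not_after(host, port=443, timeout=5.0):
    """Return the served certificate's notAfter as an aware UTC datetime."""
    ctx = ssl.create_default_context()  # verifies chain, hostname and validity period
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    ts = ssl.cert_time_to_seconds(cert["notAfter"])
    return datetime.fromtimestamp(ts, tz=timezone.utc)


def classify(previous, current, now):
    """Map one poll to notification types; `previous` is None on the first poll."""
    events = []
    if previous is None:
        events.append("initial")   # expiry date seen for the first time
    elif current != previous:
        events.append("update")    # expiry date changed: certificate replaced
    if current - now < EXPIRY_THRESHOLD:
        events.append("expiry")    # can accompany "initial" or "update"
    return events


def poll(hosts, state, now=None, fetch=fetch_not_after):
    """Check each host, update `state` in place, return {host: events}."""
    now = now or datetime.now(timezone.utc)
    report = {}
    for host in hosts:
        try:
            current = fetch(host)
        except OSError as exc:  # unreachable host or failed TLS verification
            report[host] = ["error: " + type(exc).__name__]
            continue
        events = classify(state.get(host), current, now)
        state[host] = current
        if events:
            report[host] = events
    return report
```

Because the default context rejects certificates that have already expired or do not match the host name, those hosts appear in the report as errors rather than as expiry events.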