Welcome to the Hardenize blog. This is where we will document our journey as we make the Internet a more secure place and have some fun and excitement along the way.

20 Mar

Certificate Expiration Monitoring

by Ivan Ristić

As of today, Hardenize officially supports daily notifications to alert you about certificates that are about to expire. Once a day we take a look at your properties and make a list of all certificates that haven't been renewed. We include both your certificates as well as those that you rely on (e.g., third-party web sites, outsourced email servers, and so on). We then check every known network location once again to remove any certificates that have been renewed at the last minute. After that, if we're left with any certificates on our list, we send you an email with a summary of all your affected properties and the corresponding network locations.

By default, the notifications kick in for certificates that are within 4 days of their expiration date. Hardenize continuosly monitors all your certificates and places them in 3 buckets. First there are those that are due for renewal (60 days), then those that are overdue (13 days), then those that are critical (4 days). It's of course possible to pick your own values for these.

Other configuration settings cover who is notified; they are shared with other certificate notifications, for example Certificate Transparency, which I wrote about last week. They allow you, for example, to create a certificate management team and have only its members receive the emails. For convenience, we allow you to specify an additional email address that will recieve the notifications. This email could be used to alert someone else in your organization, or forward the alerts to mobile phones via an SMS gateway.