SSL Certificate Monitor does not validate certificate chain
It reports a certificate as valid (or at least health is green and ok) for certificates where the certificate chain does not end up in a trusted root certificate. This leads to the following questions:
1: Does it accept self-signed certificates as well?
2: Does it check if the certificate has been revoked?
3: Does it validate all intermediate CA's and their revokations?
4: Which cert-store is being used?
Theese settings should be verified, and optionaly be able to be enabled/disabled/defined for a specific monitor (but thats more of a feature request). Another nice feature would be if the certificate chain could be visualized in the monitor (with a health check for each intermediate cert) and also the complete SSL handshake when a monitor fails for fault analysis.
A common pitfall is to not include all the internediate certs when installing a certificate in a webserver. Would be nice if the SSL Certificate Monitor would be able to detect this. Another error that is common is that the admin of the website installs the root certificate as well (and is being sent during the ssl handshake) which also should be reported as an error (unless its a self signed cert and we allow this).
1: Does it accept self-signed certificates as well?
2: Does it check if the certificate has been revoked?
3: Does it validate all intermediate CA's and their revokations?
4: Which cert-store is being used?
Theese settings should be verified, and optionaly be able to be enabled/disabled/defined for a specific monitor (but thats more of a feature request). Another nice feature would be if the certificate chain could be visualized in the monitor (with a health check for each intermediate cert) and also the complete SSL handshake when a monitor fails for fault analysis.
A common pitfall is to not include all the internediate certs when installing a certificate in a webserver. Would be nice if the SSL Certificate Monitor would be able to detect this. Another error that is common is that the admin of the website installs the root certificate as well (and is being sent during the ssl handshake) which also should be reported as an error (unless its a self signed cert and we allow this).
Topic Participants
cgerdes
New to M365 Manager Plus?
New to M365 Manager Plus?
New to RecoveryManager Plus?
New to RecoveryManager Plus?
New to Exchange Reporter Plus?
New to Exchange Reporter Plus?
New to SharePoint Manager Plus?
New to SharePoint Manager Plus?
New to ADManager Plus?