Faddom Help Center

How to Manage SSL Certificates

The SSL Insights screen displays data about all detected SSL certificates participating in captured traffic, provided Faddom is receiving full traffic. You can see this screen by clicking Secure > SSL Insights.

You will be presented with the SSL Insights screen.

 

A certificate is identified by the server name on which it resides, the port number, and a common name. For each certificate, its validity dates and last update date are displayed. You can expand a certificate to see more information, such as the date, SSL version, cipher, and the last time it was seen.

Each certificate is given a different score depending on how close it is to expiry. 

  • Critical - expired
  • Medium - expiring within 30 days
  • Low - expiry is over 30 days

 

When a certificate is about to expire or has expired, a notification is generated and displayed on the Notifications screen. Notifications and Alerts can be configured to let you know automatically when there is a change in status.

Additionally, an event is opened for the server on which this certificate is installed. The server is displayed with a background colour matching the event severity, and so are the application maps that include this server. It is possible to close the event from the properties window of the server, or in the Notifications screen.

Note: In order to identify certificates, full capture of traffic is required, i.e. this data is not available when using NetFlow.

If you wish to remove a certificate from this screen for any reason, select it (or several certificates); you then have two options: Filter and Delete.

 

Filter Selected

This will hide the selected certificate(s) so that they will not show again on the screen. You can show the certificates again by deleting the filter.

 

Delete Selected

This will remove the certificate from the list. However, if the certificate is seen again, it will reappear.

 

Viewing Updated/Replaced Certificates

Once you have changed a certificate on a server, this will be reflected in Faddom once it is seen as being in use.

  • If a certificate is replaced by a certificate with the same common name (on the same host and port) then the certificate details will be updated in Faddom as soon as we see it in use.

  • If it is replaced by a certificate with a different common name, the old certificate is not deleted until the timeout for cleaning up certificates passes (30 days by default; this can be changed in Settings > Global Parameters > Inactive certificates time limit). However, the last seen time for the old certificate should not update if it is no longer seen in use.

  • Additionally, you can manually delete any certificate from Faddom. If the certificate is seen again, it will reappear immediately, however, if you don't want a certificate to reappear, you can create a filter on that certificate.
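
The rules in this article (identity by server, port and common name; expiry scoring; replacement, delete and filter behaviour), modelled as an added Python example for reasoning about what the screen should show. It is not Faddom code or its API: the names `Inventory`, `Cert`, `severity`, `observe`, `cleanup` and `visible` are hypothetical, and it assumes that exactly 30 days left counts as "within 30 days" and that cleanup is measured from the last seen time.

```python
import ssl
from dataclasses import dataclass

DAY = 86400
INACTIVE_LIMIT_DAYS = 30  # default of "Inactive certificates time limit"

@dataclass
class Cert:
    not_after: float  # expiry, epoch seconds
    last_seen: float  # last time the certificate was observed in traffic

def severity(not_after, now):
    """Score a certificate by time to expiry, using the three levels above."""
    if not_after <= now:
        return "Critical"
    # Assumption: exactly 30 days remaining is treated as "within 30 days".
    return "Medium" if not_after - now <= 30 * DAY else "Low"

class Inventory:
    """Hypothetical model of the certificate list, not the product's code."""

    def __init__(self):
        self.certs = {}       # (server, port, common_name) -> Cert
        self.filters = set()  # keys hidden by "Filter Selected"

    def observe(self, server, port, cn, not_after_text, seen):
        # not_after_text is in the notAfter format printed by OpenSSL,
        # e.g. "Jan 20 00:00:00 2025 GMT". The same key overwrites the old
        # details; a different common name creates a second entry.
        expiry = ssl.cert_time_to_seconds(not_after_text)
        self.certs[(server, port, cn)] = Cert(expiry, seen)

    def delete(self, key):
        # "Delete Selected": gone until the certificate is observed again.
        self.certs.pop(key, None)

    def cleanup(self, now):
        # Drop entries not seen within the inactivity limit.
        limit = INACTIVE_LIMIT_DAYS * DAY
        self.certs = {k: c for k, c in self.certs.items()
                      if now - c.last_seen <= limit}

    def visible(self, now):
        # Filtered keys stay hidden even if they are observed again.
        return {k: severity(c.not_after, now)
                for k, c in self.certs.items() if k not in self.filters}
```

Feeding it one observation per server, port and common name shows why a certificate replaced under a new common name lingers, and eventually turns Critical, until the inactivity limit removes it.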