The SSL Insights screen displays data about every SSL certificate detected in captured traffic, provided sensors have been deployed. To open this screen, click Secure > SSL Insights.
You will be presented with the SSL Insights screen.
A certificate is identified by the server name on which it resides, the port number, and a common name. For each certificate, its validity dates and last update date are displayed. Expand a certificate to see more information, such as the date, SSL version, cipher, Organization, OU and the last time it was seen.
Each certificate is given a score depending on how close it is to expiry:
Critical - expired
Medium - expiring within 30 days
Low - expiry is more than 30 days away
When a certificate is about to expire or has expired, a notification is generated and displayed on the Notifications screen. Notifications and events can be configured to be generated automatically, so that you are told when there is a change in status.
Additionally, an event is opened for the server on which this certificate is installed. The server is displayed with a background colour matching the event severity, and so are the application maps that include this server. It is possible to close the event from the properties window of the server, or in the Notifications screen.
Note: To identify certificates, full capture of traffic is required; this data is not available when using NetFlow.
If you wish to remove a certificate from this screen for any reason, select it (or several certificates). You then have two options: Filter and Delete.
Filtering the Certificates
To help you manage the list, you can filter it by clicking the Filter icon. You can then select a server, port, status or version, comma-separated in the case of multiple entries.
Ignored Certificates
This will hide the selected certificate(s) so that they will not show again on the screen.
Delete Selected
This will remove the certificate from the list; however, if the certificate is seen again, it will reappear.
Viewing Updated/Replaced Certificates
Once you have changed a certificate on a server, this will be reflected in Faddom once it is seen as being in use.
If a certificate is replaced by a certificate with the same common name (on the same host and port) then the certificate details will be updated in Faddom as soon as we see it in use.
If it is replaced by a certificate with a different common name, the old one is not deleted until the timeout for cleaning up certificates passes (30 days by default; this can be changed in Settings > Global Parameters > Inactive certificates time limit). However, the last seen time for the old certificate should not update once we no longer see it in use.
Additionally, you can manually delete any certificate from Faddom. If the certificate is seen again, it will reappear immediately; if you don't want a certificate to reappear, you can create a filter on that certificate.
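The scoring thresholds and the update/replace rules described above can be modelled in a few lines. This is an added illustration, not Faddom's code: the function names, the in-memory dictionary and the sample host and common names are assumptions, and the handling of the exact 30-day boundary is a guess.

```python
from datetime import datetime, timedelta

EXPIRY_WARNING = timedelta(days=30)   # "expiring within 30 days"
INACTIVE_LIMIT = timedelta(days=30)   # default inactive-certificate limit


def severity(not_after, now):
    """Score a certificate by how close it is to expiry.

    Treating "exactly 30 days" as Medium is an assumption.
    """
    if not_after <= now:
        return "Critical"
    if not_after - now <= EXPIRY_WARNING:
        return "Medium"
    return "Low"


def observe(inventory, server, port, common_name, not_after, seen_at):
    """Record a certificate seen in captured traffic.

    The same (server, port, common name) overwrites the entry in place;
    a different common name becomes a separate entry beside the old one.
    """
    inventory[(server, port, common_name)] = {
        "not_after": not_after, "last_seen": seen_at}


def cleanup(inventory, now, limit=INACTIVE_LIMIT):
    """Remove entries not seen for longer than the limit; return their keys."""
    stale = [k for k, v in inventory.items() if now - v["last_seen"] > limit]
    for key in stale:
        del inventory[key]
    return stale


def report(inventory, now):
    """Map every tracked certificate to its current severity."""
    return {k: severity(v["not_after"], now) for k, v in inventory.items()}


if __name__ == "__main__":
    # Constructed sample data: host, names and dates are made up.
    t0 = datetime(2024, 1, 1)
    inv = {}
    observe(inv, "web01", 443, "old.example.test", t0 + timedelta(days=10), t0)
    observe(inv, "web01", 443, "new.example.test", t0 + timedelta(days=365),
            t0 + timedelta(days=5))
    print(report(inv, t0 + timedelta(days=5)))    # both entries listed
    print(cleanup(inv, t0 + timedelta(days=31)))  # old entry aged out
```

The model shows why a replaced certificate with a new common name can sit in the list with a Medium or Critical score for up to the inactive limit: it is only dropped once its last seen time is older than that limit.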