The SSL Certificates screen displays data about all detected SSL certificates participating in
traffic that is captured by the Sensors. You can see this screen by clicking Secure > Certificates
A certificate is identified by the server name on which it resides, the port number, and a common name. For each certificate, its validity dates and last update date are displayed.
Certificates that have expired are displayed on a red background, and certificates that
are about to expire and are displayed on a yellow background. Faddom will display 500 certificates, with the expired and about to expire given priority.
When a certificate is about to expire or has expired, a notification is generated and
displayed on the Notifications screen. Notifications and Alerts can be configured to generate
email messages, SNMP traps or to create incidents in ServiceNow.
Additionally, an event is opened for the server on which this certificate is installed. The
server is displayed with a background color matching the event severity, and so are the
application maps that include this server. It is possible to close the event from the
The properties window of the server, or in the Notifications screen.
Note: In order to identify certificates, full capture of traffic is required. I.e. this
data is not available when using NetFlow.
Filter Selected
Select certificates that should be hidden from the list. It is possible to show these
certificates again by deleting the filter. By going to Manage Filters > Delete
Delete Selected
Select certificates to remove from the list. Note that these certificates may appear
again if they are used again and observed in the captured traffic. Deleting certificates does
not hide them from now on, only removes the current observation results.
Viewing Updated/Replaced Certificates
Once you have changed a certificate on a server, this will be reflected in Faddom once it is seen as being in use.
- If a certificate is replaced by a certificate with the same common name (on the same host and port) then the certificate details will be updated in Faddom as soon as we see it in use.
- If it is replaced by a certificate with a different common name, it will not delete the old one until the timeout for cleaning up certificates passes (30 days by default and can be changed in Settings > Global Parameters > Inactive certificates time limit ), however, the last seen time for the old certificate should not update if we don't see use anymore.
- Additionally, you can manually delete any certificate from Faddom. If the certificate is seen again, it will reappear immediately, however, if you don't want a certificate to reappear, you can create a filter on that certificate.
Comments