Only pain can describe what it will become when the lifespan of SSL cetficates will drop to maximum of 200 days in 2026, 100 days in 2027 and to finally drop down to 47 (!) days in 2029,
Companies usually have many so called FQDNs (that would for instance be https://www.yourcompany.com, https://mail.yourcompany.com or https://login.yourcompany.com).
All of these (usually) have an SSL certificate to secure communication between the servers and the clients (endpoints).
If you have lots of them and on top of that, the expiry date differs on them (if the expiry date is wrong, your servces will not work smoothly), you may be in for a world of hurt to say the least. From having to change you certificates from 300 soemthing to every 47 days will be a nightmare for lots of companies and system administrators.
This needs to be kept track of in some easy way.
As a project , I decided to make a portal to keep track of those those things and also have a look where the certificate was bought (Issuer) , what the Common name (CN) actually says in the certificate and whether it looks to be complete (Including intermiediate certificates etc , If the certificate chain is incomplete, some browsers may have problems acessing them )
Here’s a few pictures and a manual on how it works and what it looks like
Step 1. Log in (if the email address hasn’t been used previously, it will automatically redirect to step 2, otherwise it will show the dashboard as seen in step 3 ).
Step 2. Upload a .text file with the fqdns we want to have a look at and also a description. (If you have for instance multiple customers you may want to have a description for them)
3. After the first upload you qill be automatically redirected to the dashboard that looks like this. There will an entry for each file you have uploaded with the number of FQDNs in each file , the description, time stamp when you uploaded it .
To the right there will be 2 choices, one for “View status” which will query the FQDNs in you file and automatically take you to the actual result (step 4 ). From this dashboard page you can also delete the files you have uploaded simply by pressing delete.
As you may notice , you can also upload new files here and those will appear as a new row.
4. The next picture shows you the result after you clicked “Show status” for an entry in the previous picture.
The clickable areas at the top would be “Back to dashboard”, “Detailed SSL and Domain info” (this choice will take you to a very detailed scanner that collects geographical information, server headers, webserver, etc . Here’s a post about what that scanner in turns does https://www.jufcorp.com/exploring-the-ssl-and-domain-scanner-a-tool-for-it-systems-owners/ )
The third choice is simply a logout and takes you back to the login page.
There are two quick summay parts , one for the SSL certificate expiry and warnings if they expire in the upcoming 45 days (I will shorten that at some point) and a second summary about the health of the certificates (I try to see if it’s complete with intermediate certificate chains etc )
The columns that appear (you can sort on each of them shows FQDN queried, when the certficate expires, Status (is it valid for more than 45 day or not ), Issuer (who issued this certificate ie where did we get it?) , Common name (what does this certficate say in the common name fileld and finally the health of the certificate (complete / incomplete )
*Small edit: . After I wrote this , I also added a column for the SAN (Subject Alternate Names) next to the column for CN (Common Name)
Feel free to give it try if you want to . You can reach it at https://www.jufcorp.com/sslmonitor.php
