Does anyone have any recommendations of a product or tool to help keep track of certificate expiration dates? We have a lot of certificates across the enterprise and tracking them all has proven challenging.
Sort By:
Oldest
Director of IT in Softwarea year ago
Check if the CA you are buying the certs from has a tool for this (assuming you are talking about publicly signed certs). There are 3rd part tools that you can install agents on the environment that will scan the endpoints, detect and report certs and some will even allow you to renew the certs. I use a tool from the CA itself, some 3rd part tools allow you to manage certificates from various CAs.Tanium has a way to report certificates on the endpoints. Depending if the certs are only SSL and are on the NLBs/Webservers or are installed on the endpoints and how many certs you need to manage, you might need to buy a Certificate Lifecycle manager. Some tools can only manage publicly signed certs, some can do public and private certificates (from your own CA). Check AppViewX and DigiCerts, both are good.
CTO for Digital & IT in Healthcare and Biotecha year ago
If like many of us you use ServiceNow, it added a certificate management module about 3 years ago. It's not as powerful as some solutions on the market, but it seems to cover the basics in terms of automation (including integration with some common public cert providers) and of course ties into the CMDB, since certs really should be CIs, and into your ITSM processes.CIO in Healthcare and Biotecha year ago
https://sectigo.com/ Venafi and AppViewX are good optionsVP of Engineering in Bankinga year ago
- In my workplace, we use Datadog synthetic monitoring. If you're not using Datadog, I think there should be other alternatives as long as they support health check with certificate expiry date.- A simpler rudimentary approach: have a central calendar and create a reminder every time we create/renew the certificate
This is a free web-based service that will check your website certificates and notify you via email or text. You can set up multiple contacts.
There are many other standalone web certificate monitoring tools -- but these one has the least amount of setup and configuration.
It still only checks and notifies you that a certificate is expiring, it doesn't automatically renew a certificate.