Ghattu's Technology Blog

I was talking to my friend yesterday and he mentioned that he was up all night due to an outage that happened to the WebLogic environments he manages, when asked why?

Expired SSL Certificates!!!My initial reaction: You don’t have Monitoring? Hmm well, that led me to think, realistically how many environments have cert expiry monitoring? I haven’t seen any environments that have automated monitors that check the WebLogic Certificates. One of the reason why this may not have affected you is one, you are not using SSL and two, the certs you obtained have a life span of more than 10 years.

In our WebLogic environments we do not have monitoring specifically on the Cert’s, but we do have some monitoring that does warn us in-case  our Certs are about to expire. The way it works is, during boot time WebLogic Server logs a message if the certs configured are about to expire in the next 30 days. This message is logged with severity “Notice”. Our monitoring application listens on the Log BroadCaster (I will leave the details for another blog post), this listener will send an alert/EMail whenever a message is logged with severity “Notice”. The alert will contain the details of what is logged, in case of a Certificate that is about to expire it will contain the Date when it is going to expire and other Certificate details.

Please note, there is one problem to the above approach, i.e. we are relying on WebLogic Server to be started or restarted atleast once within this 30 days timeframe that your Certificate may expire. If not, you will never recieve the notification.

In one of my subsequent post I will write about an alternate simple approach to monitor your WebLogic Certificates.

Tags: ssl

This entry was posted on Wednesday, August 19th, 2009 at 9:45 am and is filed under WebLogic, oracle, security, ssl certificate, weblogic server, wlst. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.