SSL Certificate Checker Creation

Decision Guide

Enterprise Monitoring provides two methods within Dynatrace to handle SSL Certificate Checks.  

Synthetic checks

  • Typically used by application teams to monitor certificates for HTTPS endpoints that are not owned/managed by the FTS Linux team.
  • Certificate validation is performed against a provided application URL and can be included as part of an existing synthetic monitor.
  • Alerts are generated and notifications go directly to the application team.
  • Supports more flexible configuration for “days until expiration” thresholds.

Extension 2.0 checks

  • Typically used by the FTS Linux team, but also available to Application, Networking, and other teams.
  • Best for teams responsible for certificate validity when they don’t own the application, or for application teams that don’t need (or want to pay for) synthetic monitoring.
  • Supports Warning (e.g., < 30 days) and Critical (e.g., < 10 days) thresholds, but is less flexible because Enterprise Monitoring maintains a limited set of standard threshold groupings.

  • Requires Enterprise Monitoring to maintain the configuration, so ServiceNow requests are needed for creation, updates, and removal.

Synthetic checks

  1. Navigate to Synthetics
  2. Select Create a synthetic monitor
  3. Select Create an HTTP monitor
  4. Enter Name: SSL Certificate Checker - URL that you’re checking
  5. Select Add HTTP Request
  6. Enter “https://” then the URL in the request URL field
  7. Enter the URL in the Name field
  8. Select Add HTTP request
ssl cert creation
  1. Scroll down to Adapt request timeout, turn on the toggle and enter 60 seconds
  2. Select Next
  3. Set frequency to On-Demand
  4. Select Yale - Central Campus for the location
  5. Select Next
  6. Select Create HTTP monitor
  7. Select Add tag
    1. Key: Host Name Value: Host URL
    2. Key: RequestDetail Value: SSL Certificate Expiration
    3. Key: ServiceNow Request
    4. Key: [ITSM]AssignmentGroup Value: Assignment Group name
    5. Key: [ITSM]BusinessService Value: Business Service name

Additional Notes for testing:

Synthetic checks run every day at mid-night. If you wish to test your configuration add the tag ‘SSLCheckConfigTEST’ (similar to step 7b). These test runs run every 5 minutes. Once you validate everything is working, please remove the ‘SSLCheckConfigTEST’ tag so that unneccesary checks and costs are not run every 5 minutes.

To validate please use this Data Explorer view. This will show you results for any SSL Certificate Checker run in the past 30 minutes.

Extension 2.0 (via HTTPS)

This extension works by downloading the SSL Certificate from the provide HTTPS endpoint, reading the contents, and validating the downloaded certificates ‘expires on’ value against the current date.

  • Submit a Service Request form via ServiceNow CLICK HERE

  • Enter a short description of 

    “Requet for SSL Certificate checker via Extension 2.0”

  • For ‘Description of Request’ provide the following

    - Your Departments Assignment Group and Business Service names as they appear in ServiceNow. This is who will be notified over alerts

    - Tier/Priority level for generated tickets (P2 or P3)

    - HTTPS endpoint to validate SSL Certificate against

Extension 2.0 (local files)

This is a more advanced option that requires a conversation with Enterprise Monitoring support staff.  This validation occurs directly on the host by scanning a directory for certificate files and for each it evaluates the certificate attributes locally.

  • Submit a Service Request form via ServiceNow CLICK HERE

  • Enter a short description of 

    “Request for SSL Certificate checker via Extension 2.0 LOCAL HOST file check”

  • For ‘Description of Request’ provide the following

    - A list of hosts on which the certificate files exist

    - Best date, time, and resources for Enterprise Monitoring team to setup a discussion

Reference Materials

Dynatrace SSL Certificate Monitor Extension