SSL Certificate Monitoring
Cascading alerts at 30, 14, and 7 days before expiry
What it does
AlertMonitor monitors SSL/TLS certificate expiry across every domain and subdomain in your environment, sending cascading alerts at 30 days, 14 days, and 7 days before expiry. Expired certificates break services, destroy user trust, and in some cases create exploitable misconfigurations. AlertMonitor ensures your team has ample forewarning across every hostname — never a surprise.
One expired cert, one outage: A single expired SSL certificate on a payment gateway, an internal API, or an authentication endpoint can cause a complete service outage. AlertMonitor keeps expiry visible across your entire portfolio of domains so renewal is a scheduled task, never an emergency.
Capabilities
- Continuous monitoring for every monitored domain and subdomain
- Cascading alert schedule: 30-day, 14-day, 7-day, and 1-day warnings
- Certificate chain validation: intermediate and root cert issues surfaced alongside leaf cert expiry
- Weak cipher detection: TLS 1.0/1.1, RC4, MD5 signatures flagged automatically
- Certificate authority change detection: swap to a different CA triggers analyst alert
- Wildcard and SAN certificate coverage verification
- mTLS and internal PKI certificate monitoring for private CAs
How it works
Certificate checks probe the TLS handshake directly using a TLS client library. Checks run from multiple geographic vantage points to detect routing-asymmetric expiry scenarios. Certificate metadata — chain, issuer, SANs, cipher suite, protocol version — is stored with every check. Expiry alerts include the full certificate details and a renewal link to the registrar if identifiable from WHOIS data.