We are trying to set up SSL certificate monitoring, and it's working fine for our standard certificates, e.g. test.company.com and prod.company.com. When viewing the certificates in the app we get the number of days left before expiration. So far so good.

 

However, as soon as we add our wildcard certificate, *.company.com, to the configuration, the "Certificates" page for the server in the app just shows "Loading monitored certificates...", eventually yielding "Data not available."

 

As soon as the wildcard certificate is removed from the config, we can view the others just fine.

Hi,

 

Welcome to the Pulseway community. Please PM me the hostname and port of the service that uses the wildcard certificate (if it's in the DMZ) and we will investigate the issue.

 

Regards,

Chris

Pulseway Support

I've PM'ed you the details - thanks for looking in to this!

Have your engineers been able to reproduce the issue?

What server address are you entering when adding the certificate entry in Pulseway Manager?

Can you please email our support with the details?

Any news to report on this?

We're still trying to reproduce this. Is the problem happening on the Windows, Linux or Mac agent?

Hi Marius

The error is present on a Linux agent, running on Ubuntu Server 14.04.

Prompted by your question I just tried setting up a Windows agent on a desktop machine and adding cert monitoring - on Windows the wildcard certificate monitoring works fine!

/Jakob

I too have experienced this (or a similar) issue, but with SAN type of certificates.

Given a SAN certificate with the following hostnames (in this order):

*.domain1.com
*.domain2.com

And an certificate monitor setup for foo.domain2.com - I indeed see the number of days until expiry, but a result that says something like "certificate cannot be verified".

If I change the monitor to check for something like foo.domain1.com (the first domain on the cert) - everything goes green and works as expected. I'm guessing that it only works properly when verifying the first hostname on the certificate or something?

For reference, I'm running on Windows 2008R2 (with the latest version of the Pulseway agent).

Hope this helps -- let me know if I can provide any further details!

 

I too have experienced this (or a similar) issue, but with SAN type of certificates.

Given a SAN certificate with the following hostnames (in this order):

*.domain1.com
*.domain2.com

And an certificate monitor setup for foo.domain2.com - I indeed see the number of days until expiry, but a result that says something like "certificate cannot be verified".

If I change the monitor to check for something like foo.domain1.com (the first domain on the cert) - everything goes green and works as expected. I'm guessing that it only works properly when verifying the first hostname on the certificate or something?

For reference, I'm running on Windows 2008R2 (with the latest version of the Pulseway agent).

Hope this helps -- let me know if I can provide any further details!

 

Could you please email our support with the real hostnames so we can try to reproduce? 

Thank you.

Hi Marius

The error is present on a Linux agent, running on Ubuntu Server 14.04.

Prompted by your question I just tried setting up a Windows agent on a desktop machine and adding cert monitoring - on Windows the wildcard certificate monitoring works fine!

/Jakob

Thank you Jakob,

we have added this issue to be fixed for the next agent release.

Marius,

I've emailed in exact repro details to support.

Marius,

I've emailed in exact repro details to support.

We have received the email and managed to reproduce the issue. A fix will be included in the next release.

Thank you for your help!

Marius

Just wanted to confirm that this is now fixed, and we're using it in production!

 

Thanks!

Thank you for the update and for your support on this, glad it is working well.