Monitoring of internal Certificates stays at "checking"

[JohnnyJoker]

Hey there!

When we try and add notifications for certificate expirations on internal certificates the status stays at "checking".
Those certificates are from an internal Certificate Authority (Microsoft CA) and the websites in question can be opened correctly in a browser on the machine where we setup the notifications.

Do you have any tips where and why this is failing or not completing the checks or where to get verbose/debug logs for this?

Website monitoring the https:// where the certificates in question is setup works.
Checking the validity of the certificate(s) behaves the same if configured on the local agent - on the machine where the certificate/site resides.

 

[Jamie Taylor]

Hey @JohnnyJoker, I have raised a support ticket for your assistance. Our team will contact you shortly regarding this.

[JohnnyJoker]

Hey Jamie,

thanks for opening the ticket.

Whilst detailing the case to the support agent, me and my colleague noticed - while doublechecking our setup and my description of it - that the common denominator of those certificates was that they had no "Subject" filled out and instead we were using "Subject Alternative Names" (SANs) which works fine in browsers but isn't checked by the agent.

I've already re-issued one of the certificates with a "Subject" (CN=<DNS FQDN>) + SANs and the check now succeeds.