(DI-2308) Collector for Expiring SSL Certificates Security
- SNP
The technical name of the Collector for SSL Certificates is /DVD/MON_SEC_CL_COL_SSL_CERT.
This collector checks every STRUST identity in the SAP system and its certificates. By default, it will alert of any certificate that has under 10% of its lifetime left and is about to expire in the next 30 days.
Default KPIs delivered with this collector
The following default KPIs are delivered with this collector:
KPI name | Description | Unit | Detail table |
|---|---|---|---|
SEC_SSL_CERT_EXP | Number of expiring certificates | Count | Yes |
Input table
The technical name of the input table is /DVD/MON_SEC_SSL. Users can define which STRUST PSE identities to monitor and which not. If the table is left empty, all STRUST identities and their certificates are monitored by default.
Technical name | Column name | Description |
|---|---|---|
SID | System ID | System ID for which the current row of the input table applies |
SSL_GROUP | SSL Group | Define which SSL STRUST group to parse certificates from:
|
ACTIVE | Active | Flag signalizing if the current row is active or not |
CHANGED_BY | Changed by | Last changed by user [automatically filled]. |
CHANGED_AT | Changed at | Last Changed At [TIMESTAMP] [automatically filled]. |
CREATED_BY | Created by | Created By User [automatically filled] |
CREATED_AT | Created at | Created At [TIMESTAMP] [automatically filled] |
Detail table
The collector provides a detailed table of Expiring SSL Certificates. The technical name of the detail table is /DVD/MON_SEC_S_SSL_CER_EXP.
It provides a list of soon-to-expire or expired certificates and has the following fields:
Technical name | Description |
|---|---|
TIMESTAMP | When the records are saved into the Detail table |
SID | System ID |
IDENT_NAME | STRUST Identity name |
IDENT_DESCR | STRUST Identity description |
SUBJECT | Certificate subject |
EXPIRE_IN_DAYS | SSL Expires in |