(DI-2311) Collector for expiring SSL certificates

The technical name of the Collector for SSL certificates is /DVD/MON_CL_COL_SSL_CERT.

This collector checks every STRUST identity in the SAP system and its certificates. By default, it will alert of any certificate that has under 10% of lifetime left and is about to expire in the next 30 days. Collector is collected once every day.

Default KPIs delivered with this collector

The following default KPIs are delivered with this collector:

KPI name

Description

Unit

Detail table

KPI name

Description

Unit

Detail table

SSL_CERT_EXP

Number of expiring certificates

Count

Yes

Input table

Technical name of the input table is /DVD/MON_SSL_I. Users can define which STRUST PSE identities to monitor and which not. If the table is left empty, all STRUST identities and their certificates are monitored by default.

Technical name

Column name 

Description

Technical name

Column name 

Description

SID

System ID

System ID for which current row of input table applies

SSL_GROUP

SSL Group

Define which SSL STRUST group to parse certificates from:

  • SSLS - Server PSE

  • SSLC - Client PSE

  • WSLE - Web Server Security PSE

  • SSFA - Application PSE

ACTIVE

Active

Flag signalizing if the current row is active or not

CHANGED_BY

Changed by

Last changed by user [automatically filled].

CHANGED_AT

Changed at

Last Changed At [TIMESTAMP] [automatically filled]. 

CREATED_BY

Created by

Created By User [automatically filled]

CREATED_AT

Created at

Created At [TIMESTAMP] [automatically filled]

Detail table

The collector provides a detailed table of Expiring SSL Certificates. The technical name of the detail table is /DVD/MON_S_SSL_CERT_EXPIRE.
It provides a list of soon-to-expire or expired certificates and has the following fields:

Technical name

Description

Technical name

Description

TIMESTAMP

When the records are saved into the Detail table

SID

System ID

STRUST_IDENTITY

STRUST Identity together with description (Client/Server, etc.)

CERTIFICATE_SUBJECT

Defines certificate

EXPIRES_IN

Number of days to expiration or if the certificate is already expired, it will state EXPIRED