Collector for Expiring SSL Certificates

The technical name of the Collector for Expiring SSL Certificates is /DVD/MON_CL_COL_SSL_CERT.

This collector checks every STRUST identity in the SAP system and its certificates. By default, it will alert the user of any certificate that meets both of the following conditions:

  • The certificate has less than 10% of its lifetime left.

  • The certificate will expire in the next 30 days.

The collector is collected once every day.

Default KPIs Delivered with This Collector

The following default KPIs are delivered with this collector:

KPI name

Description

Unit

Detail table

SSL_CERT_EXP

Number of expiring certificates

Count

Yes

Input Table

The technical name of the input table is /DVD/MON_SSL_I. You can define which STRUST PSE identities to monitor and which to not monitor. If you leave the table empty, all STRUST identities and their certificates are monitored by default.

Technical name

Column name 

Description

SID

System ID

Specifies the system ID to which the current row of the input table applies

SSL_GROUP

SSL Group

Defines which SSL STRUST group to parse certificates from:

  • SSLS: Server PSE

  • SSLC: Client PSE

  • WSLE: Web server security PSE

  • SSFA: Application PSE

ACTIVE

Active

Specifies whether the current row is active

CHANGED_BY

Changed by

Last changed by user [automatically filled]

CHANGED_AT

Changed at

Last changed at [automatically filled]

CREATED_BY

Created by

Created by user [automatically filled]

CREATED_AT

Created at

Creation time [automatically filled]

Detail Table

The collector provides the detail table Expiring SSL certificates. The technical name of the detail table is /DVD/MON_S_SSL_CERT_EXPIRE.

The detail table Expiring SSL certificates provides a list of soon-to-expire or expired certificates. It contains the following fields:

Technical name

Description

TIMESTAMP

Time when the records are saved to the detail table

SID

System ID

STRUST_IDENTITY

STRUST identity together with description (client/server, etc.)

CERTIFICATE_SUBJECT

Certificate definition

EXPIRES_IN

Number of days until the certificate expires. If the certificate is already expired, the value is set to EXPIRED.