Does anyone have any recommendations of a product or tool to help keep track of certificate expiration dates? We have a lot of certificates across the enterprise and tracking them all has proven challenging.


1.8k views, 1 Upvote, 5 Comments

Principal Information Security Officer in Education, 10,001+ employees
https://letsmonitor.org/

This is a free web-based service that will check your website certificates and notify you via email or text.  You can set up multiple contacts.

There are many other standalone web certificate monitoring tools -- but this one has the least amount of setup and configuration.

It still only checks and notifies you that a certificate is expiring, it doesn't automatically renew a certificate.
Director of IT in Software, 201 - 500 employees
Check if the CA you are buying the certs from has a tool for this (assuming you are talking about publicly signed certs). There are 3rd-party tools that you can install agents on the environment that will scan the endpoints, detect and report certs and some will even allow you to renew the certs. I use a tool from the CA itself, some 3rd-party tools allow you to manage certificates from various CAs.
Tanium has a way to report certificates on the endpoints. Depending if the certs are only SSL and are on the NLBs/Webservers or are installed on the endpoints and how many certs you need to manage, you might need to buy a Certificate Lifecycle manager. Some tools can only manage publicly signed certs, some can do public and private certificates (from your own CA). Check AppViewX and DigiCert, both are good.
CTO for Digital & IT in Healthcare and Biotech, 10,001+ employees
If like many of us you use ServiceNow, it added a certificate management module about 3 years ago. It's not as powerful as some solutions on the market, but it seems to cover the basics in terms of automation (including integration with some common public cert providers) and of course ties into the CMDB, since certs really should be CIs, and into your ITSM processes.
CIO in Healthcare and Biotech, 5,001 - 10,000 employees
https://sectigo.com/ Venafi and AppViewX are good options
VP of Engineering in Banking, 201 - 500 employees
- In my workplace, we use Datadog synthetic monitoring. If you're not using Datadog, I think there should be other alternatives as long as they support health check with certificate expiry date.
- A simpler rudimentary approach: have a central calendar and create a reminder every time we create/renew the certificate
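
The check-and-notify step that the monitoring tools in this thread perform, sketched in Python as an added example (not code from any poster or product named above). The 30-day threshold, the function names and the sample inventory are assumptions; `fetch_not_after` needs network access and is not called in the sample run.

```python
import socket
import ssl
from datetime import datetime, timezone

WARN_DAYS = 30  # assumed alert threshold; the thread does not specify one


def fetch_not_after(host, port=443, timeout=5):
    """Return the notAfter string of the certificate a live TLS endpoint serves."""
    # The default context verifies the chain, so an already expired certificate
    # raises ssl.SSLCertVerificationError here instead of returning a date.
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


def days_left(not_after, now):
    """Whole days from `now` until expiry; negative once the certificate has expired."""
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return (expiry - now).days


def triage(inventory, now, warn_days=WARN_DAYS):
    """Map (name, notAfter) pairs to (days, name, status) rows, most urgent first."""
    rows = []
    for name, not_after in inventory:
        remaining = days_left(not_after, now)
        if remaining < 0:
            status = "EXPIRED"
        elif remaining <= warn_days:
            status = "RENEW"
        else:
            status = "OK"
        rows.append((remaining, name, status))
    return sorted(rows)


# Constructed inventory in the notAfter format that getpeercert() returns.
SAMPLE = [
    ("intranet.example.test", "Mar  1 12:00:00 2025 GMT"),
    ("vpn.example.test", "Jan 10 00:00:00 2025 GMT"),
    ("api.example.test", "Dec 31 23:59:59 2025 GMT"),
]

if __name__ == "__main__":
    now = datetime(2025, 2, 15, tzinfo=timezone.utc)  # fixed so the run is repeatable
    for remaining, name, status in triage(SAMPLE, now):
        print(f"{status:8} {remaining:5d}d  {name}")
```

Like the hosted service described in the first reply, this only reports; renewal still has to happen through the CA or a lifecycle tool.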
