SSL certificates

The SSL tracker ensures that you're kept notified of expiring certificates for your client's externally facing services and websites that are secured with SSL.

Everything is designed to make it easy to track SSL certificate expirations. When you add a domain that has an SSL certificate installed, the certificate is automatically added to the SSL tracker. Other SSL certificates are captured in a very similar manner as domains. You enter the host name associated with the certificate, and the public aspects of the certificate will auto-populate.

You can be notified of expiring certificates across any number of SSL certificate provider accounts using workflows. Expiring certificates are also shown on the Global > Expirations report.

Check out this IT Glue express video (2:07) to see the domain and SSL trackers in action:

IT Glue express video

Learn more about the domain tracker in this topic.

Preparation

  • To begin, you'll need access to known DNS records for the client, which will probably require logging in to the domain registrar or hosting company's DNS management console for each client domain.
  • Research with key contacts who supply the certificates and record any account information and passwords used for certificate management. If necessary, revisit the Vendors and Passwords areas to record these credentials.
  • Check the DNS zone file records for any CNAME records that might potentially have https:// components. Here's a short checklist of some common options to browse:
    • Remote
    • Mail
    • Webmail
    • OWA
    • CRM
    • App
    • Voice
    • Secure
    • Billing
    • VPN

Instructions

  1. Browse to each subdomain and check the certificate name using the security feedback from your browser.
  2. From IT Glue, navigate to the organization that the certificate belongs to.
  3. Click on SSL Certificates in the left sidebar and then on the + New button in the top-right corner.
    SSL_Certificates.png
  4. Under Certificate host, provide a valid host name that uses the certificate you want to add. For wildcard certificates, enter any subdomain that is associated with that certificate, so instead of *.example.com, enter subdomain.example.com.
    SSL-Certificate-Host.png
    • Alternatively, for self-signed certificates or in cases where the certificate cannot be retrieved from a host, you can manually copy and paste the PEM-encoded certificate in the Certificate field. The public aspects of the certificate are automatically parsed from the certificate itself. You should only include the certificate here, not the rest of the chain.
      SSL-Certificate.png
  5. Click Save. Wait a few moments to refresh your page and then you will be able to review information about the certificate.
    SSL-Certificate-Info.png
  6. (Optional) Edit the certificate to paste in the private key that's stored on the server and add any other certificate details:
    • Intermediate chain - Use this field to store the rest of the certificate chain. You might want to provide this for future reference in case you need to provision a server with the certificate. Paste the certificate chain in PEM-encoded format. Do not include the root certificate in this field.
      SSL-Intermediate-Chain.png
    • Certificate signing request - Store the original CSR for your certificate in the event you need it for a future renewal.
      SSL-Certificate-Signing-Request.png

    • Private key - Store the certificate's private key in this field. This may be useful if you need to provision a server with the certificate at a later date. This field is stored securely in encrypted format in our database.
      SSL-Private-Key.png

    • Notes - Add any additional notes regarding the certificate.
  7. Click Save to make your changes.

Additional Notes

  • IT Glue will refresh publicly available certificate information once every 24-48 hours, as long as you provided a certificate host name to pull the update from. If you just copied and pasted PEM files into IT Glue (steps 5 and 7), these manually entered certificates will not automatically refresh.
  • If an update fails the system will make five attempts. If those attempts are not successful, then it will wait one week before trying again.