Below are brief descriptions of Red Kestrel products and also explanations of some of the technical terms used when discussing the products. These explanations cover areas such as SSL, digital certificates, and SSL certificate expiration.

CSR Checker

A CSR Checker, also know as a CSR Decoder, is a tool that allows you to decode a CSR and check its contents. Our CSR Decoder not only decodes your CSR so you can check its contents, but also carries out additional checks. There are several additional CSR tests including: signature verification, Debian weak key test, weak algorithm test, subject DN completeness test, and key size check.

Certificate Signing Request

A Certificate Signing Request (CSR) is a message sent to a Certification Authority requesting an X.509 certificate. Please see our CSR FAQ for more details.

Certificate Expiration Monitor

A Certificate Expiration Monitor (sometimes called an SSL Expiration Checker, Cert Expiration Checker, or Certificate Expiry Monitor) alerts you to certificates that have reached their expiration date, and certificates that are approaching their expiration date. Our Certificate Expiration Checker will scan your network or a list of specified hosts and alert you by email to any certificates that are approaching expiry or that have already expired. In addition, the product will provide a detailed report of all the certificates it has scanned not just those that have expired or that are expiring.

Certificate Expiration Checker

See Certificate Expiration Monitor

Certificate Validity Period

An X.509 certificate, like a passport or driving licence, has a validity period. It has a start date, that is a date when it becomes valid. It also has an end date, that is a date after which it is no longer valid. The start and end dates in the X.509 certificate are given the names NotBefore and NotAfter respectively. Once the certificate the NotAfter has passed the certificate is said to be expired and is no longer valid.

Expired Certificate

Every X.509 certificate has a NotAfter field indicating the certificate's date of expiration. After this date has past the certificate has expired and an expired certificate should not longer be trusted. You can use the Red Kestrel Certificate Expiration Monitor to obtain alerts when your SSL certificates need to be renewed because they are approaching expiration.

SSL Monitor

Our SSL Monitor is called CertAlert. It will scan your networks for deployed SSL certificates and alert you when any are coming up for renewal. See Certificate Expiration Monitor

SSL Checker

An SSL Checker is a tool that carries out checks to check that your SSL certificate is correct and that it has been installed correctly. Our SSL Checker connects to your web site in the same way a browser does. It will alert you to problems with the certificate or installation. It carries out several checks including certificate still valid, signature verification, Debian weak key test, weak algorithm test, trusted issuer test, subject DN completeness test, key size check, and host listed correctly in cert check.

SSL Expiry Checker

See Certificate Expiration Monitor

SSL Scanner

An SSL Scanner will scan a network for SSL certificates and produce a report of its findings. A good SSL scanner will provide useful insights into the SSL certificates that you have deployed within your networks. Our SSL Scanner will scan your network by IP Range or from a list of hosts and provide detailed reports on your SSL certificates deployed. The Red Kestrel SSL Certificate Scanner is an application available on both the Windows and Linux platforms. The Linux SSL Scanner has many features including: scans for SSL certificates, multi-threaded technology for fast scanning, highlights certificates containing weak blacklisted RSA keys, highlights several potential certificate issues, configurable TCP ports, and detailed HTML and CSV formatted reports.

SSL Port

There are several well known TCP ports used for SSL secured communications. Please see SSL Ports for more detail.