CertAlert More Info
Please feel free to email if you have any questions about CertAlert. We appreciate hearing from anyone using or trying out CertAlert. Just send an email to [email protected] and we will do all we can to answer your questions.
What is CertAlert?
CertAlert is a .NET console application for managing SSL certificates. It scans your networks based on input IP ranges (or hostnames) and port ranges, and generates detailed CSV and summary PDF reports on the certificates it finds. Detected issues, such as expired, expiring, self-signed, md5, and short key certificates, are highlighted.
In addition to displaying progress in a PowerShell command window, CertAlert can send alerts and reports via email to multiple recipients. It can be run manually from the command window or scheduled to run periodically using the Windows Scheduler.
CertAlert Benefits
CertAlert offers the following benefits:
- Prevent downtime by receiving timely alerts when certificates need renewing
- Save time by automating certificate discovery and monitoring across your networks
- Save money by reducing your certificate management overhead
- Avoid lost sales because someone forgot to renew a certificate
- Avoid brand damage because an expired certificate caused loss of trust
CertAlert Features
CertAlert offers many features including:
- Scans for certificates by IP ranges or a hosts file
- Can identify SSL certificates on: Windows, Linux, Unix, Devices, etc
- Lets you specify which ports / port ranges should be checked
- Understands the following types of SSL certificates (OV, DV, EV, self-signed etc)
- Automated expiry alerts emailed to multiple contacts
- Detailed certificate reporting
- Identify problems with Issuers, Key Lengths, Algorithms etc
- Supports many protocols including: HTTPS, LDAPS, POP3S, IMAPS, SMTPS
- Also supports SMTP STARTTLS
- Can run automatically using the Windows Task Scheduler
CertAlert Reports
Each time CertAlert runs, it creates two reports: a CSV and PDF formatted report. The PDF report identifies specific certificate issues such as self-signed certificates, short key certificates, certificates using the MD5 algorithm etc. The CSV report contains detailed information about all the certificates found. An example CSV report showing just some of the the fields that can be included is shown below.
CertAlert Report Columns
The table below provides a description of each of the fields that you can configure to be included in a CSV report.
| Field Heading | Description | |||
|---|---|---|---|---|
| Hostname | A hostname or IP address indicating the target host | |||
| Port | The TCP port used to communicate with the remote server | |||
| Common Name | The Common Name (CN) of the server's certificate. This normally matches the fully qualified domain name of the server CertAlert connected to to get the certificate. | |||
| Issuer Org. | The organisation part of the issuer's distinguished name | |||
| Issuer | A distinguished name defining the entity that issued the certificate | |||
| Subject | A Distinguished Name defining the entity associated with the certificate | |||
| Signature Algorithm | The algorithm used to sign the certificate Lets you identify the presence of insecure algorithms, such as MD5 | |||
| Key Size | The RSA key size (bits) | |||
| Serial Number | The certificate's serial number | |||
| SelfSigned | Indicates if the certificate is a self-signed certificate | |||
| Verified | Indicates if the certificate was verified inline with rfc5280 | |||
| SANS | The certificate's DNS subject alternative names | |||
| NotBefore | The date the certificate becomes valid. | |||
| NotAfter | The date after which the certificate is no longer valid. | |||
| Days | The number of complete days before the certificate expires | |||
| ExpiryStatus | One of the following: OK, EXPIRING, EXPIRED, ERROR | |||
| Certificate | The complete certificate (PEM Formatted) | |||
| ErrorInfo | This field contains information about errors that occurred when getting or validating the certificate. | |||
Running CertAlert
The screenshot below shows the CertAlert output when run from the console. CertAlert can also be easily automated or scripted. See our Getting Started page for information about downloading and running CertAlert for the first time.
More About What CertAlert Does
Like a passport or driving licence, an SSL certificate has a validity period. When a CA issues a certificate, it includes an expiration date. The certificate's expiration date is normally one or two years from the date of issue. To ensure that a certificate remains valid, it must be renewed with a CA prior to its expiration date. When an organisation has many certificates with different expiration dates issued from multiple CAs the task of managing them can become arduous and error-prone. CertAlert can reduce the risk of a certificate being left to expire by periodically querying your servers and alerting you in good time when certificates need renewing.
Using an IP range or text file of hostnames, CertAlert will report the expiration status of each certificate it finds. It provides detailed CSV reports of the certificate information collected; the report format is suitable for importing into other applications such as a spreadsheet or database. While running, CertAlert can write certificate details to a DOS command window to provide feedback on its progress. In addition, alerts and a summary report can be emailed by CertAlert to one or more recipients. CertAlert can be run manually from a DOS command window or called periodically by the Windows Task Scheduler.
For more information also see the CertAlert FAQ