[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The day I lost my job due to monit

From: Werner Flamme
Subject: Re: The day I lost my job due to monit
Date: Wed, 09 Dec 2020 11:56:44 +0100
User-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.12.0

Am 2020-12-06 um 12:18 schrieb SZÉPE Viktor:
Idézem/Quoting Werner Flamme <>:

Am 04.12.2020 um 16:52 schrieb
I configured monit to monitor the TLS certificate validity of all of our
highly productive websites. To all websites, the unnecessary full
certificate (without root CA) was installed. However, on 30th of May
2020 one of the chain certificates (COMODO) ran out of its validity
period. Obviously monit only checks for the server certificate, that's
why the check did not notice this, and such a check is completely
pointless. It led to a massive damage to my company, and since I was to
deal with monitoring as well as TLS certificates, I had to move on to
find a new job.

I do not understand why a server certificate is valid longer than any of
the intermediate certificates. Has the COMODO intermediate certificate
been revoked or did it reach its valid date?

Hello Werner!

It was a transition to anther signing root.
PKI is a changing landscape.
Google for COMODO 2020 cross-signing.

Hello Viktor,

so, the intermediate cert was valid when the change happened. How would one monitor this change in advance?

Ithink, in such cases you have to be awake personally. You should have gotten information beforehand, issued by COMODO. You should've had time to renew and change the certificates. I do not see how to get monit to warn you here.



Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]