SSL Certificates Report

SSL certificates authenticate the identity of a website and enable an encrypted connection between a web server and the browser of a user. Whenever an SSL certificate expires, the site becomes inaccessible or is marked as "Not Secure" by browsers. This impacts the service and severely damages brand reputation of the business. Therefore, it is essential to proactively generate a report on when SSL certificates are about to expire and obtain a list of SSL certificates that had already expired. The SSL Certificates Report fulfills this purpose for the administrators.

To generate the report, do the following:

  1. Select the SSL Certificates option by following the menu sequence: REPORTS BY FUNCTION -> Domain-specific Reports -> Security and Compliance.

  2. Figure 1 then appears. In Figure 1, select a criteria for analysis from the Analyze By list box.

    Figure 1 : Specifying the criteria for generating the SSL Certificates report

  3. Using this report, you can analyze the validity of SSL certificates of one/more managed components, or those that are part of a zone, service or segment. The options provided by the Analyze By list box are discussed hereunder:

    • Component: Select this option to choose the component(s) from across all the managed components in the environment.
    • Zone: To generate a report for one/more components that are included in a zone, pick the Zone option. A Zone drop-down list will then appear, from which you would have to select the zone to which the components of interest to you belong. A Sub zone flag also appears. Indicate whether the components present within the sub-zones of the chosen zone are also to be to be considered for report generation, by setting the Sub zone flag to Yes.
    • Segment: If you want to generate a report for one/more chosen components that belong to a segment, select the Segment option from Analyze By list box, and then pick the Segment from the drop-down list that appears.
    • Service: If you want to generate a report for one/more components involved in the delivery of a service, select the Service option from Analyze By, and then pick the required Service from the drop-down list that appears.
  4. Next, from the Component Type list, pick the component type for which the report is to be generated. By default, All Component Types option is chosen from this list.
  5. The Components list will now be populated with all the components that are managed in your environment for the chosen component type. If the Components list consists of too many components, then viewing all the components and selecting the ones you need for report generation could require endless scrolling. To avoid this, you can click the button next to the Components list. A Components pop up window will then appear using which you can view almost all the components in a single interface and Select the ones to be included in this report.

  6. By default, All Certificates option is chosen from the Certificate list indicating that this report will be generated for all the SSL certificates of the manged components in the target environment. Pick an SSL certificate from this list if you wish to generate the report on the validity of that SSL certificate alone.

  7. Then, specify the Timeline for generating this report. You can either provide a fixed time line such as 1 hour, 2 days, etc., or select the Any option from the list to provide a From and To date/time for report generation.

    Note:

    For every user registered with the eG Enterprise, the administrator can indicate the maximum timeline for which that user can generate a report. Once the maximum timeline is set for a user, then, whenever that user logs into eG Reporter and attempts to generate a report, the Timeline list box in the report page will display options according to the maximum timeline setting of that user. For instance, if a user can generate a report for a maximum period of 3 days only, then 3 days will be the highest option displayed in the Timeline list - i.e., 3 days will be the last option in the fixed Timeline list. Similarly, if the user chooses the Any option from the Timeline list and proceeds to provide a start date and end date for report generation using the From and To specifications, eG Enterprise will first check if the user's Timeline specification conforms to his/her maximum timeline setting. If not, report generation will fail. For instance, for a user who is allowed to generate reports spanning over a maximum period of 3 days only, the difference between the From and To dates should never be over 3 days. If it is, then, upon clicking the Run Report button a message box will appear, prompting the user to change the From and To specification.

  8. In addition to the settings discussed above, this report comes with a set of default specifications. These settings are hidden by default. If you do not want to disturb these default settings, then you can proceed to generate the report by clicking the Run Report button soon after you pick one/more components for report generation. However, if you want to view and then alter these settings (if required), click on the icon. The default settings will then appear in the More Options drop down window (See Figure 2). The steps below discuss each of these settings and how they can be customized.

    Figure 2 : The default settings for generating the report

  9. eG Enterprise offers the flexibility of allowing the administrators to view the validity of the SSL certificates from the generated report at a single glance. This can be achieved by providing the lower/higher threshold limits of your choice i.e., providing the Critical/Major/Minor values in the appropriate colored text boxes underneath the Certificate Validation section. By default, this is set to 30/60/90 in the order of Critical/Major/Minor. Doing so, whenever the SSL certificate validity violates the specified threshold values, the SSL certificate validity will be highlighted with the corresponding color of the specified text box in the generated report. This way, you can easily identify the SSL certificates that are nearing expiry in your environment.

  10. In large environments, reports generated using months of data can take a long time to complete. Administrators now have the option of generating reports on-line or in the background. When a report is scheduled for background generation, administrators can proceed with their other monitoring, diagnosis, and reporting tasks, while the eG manager is processing the report. This saves the administrator valuable time. To schedule background processing of a report, you can either select the Background Save - PDF option or the Background Save - CSV option from the Report Generation list. To process reports in the foreground, select the Foreground Generation - HTML option from this list.

    Note:

    • The Report Generation list will appear only if the EnableBackgroundReport flag in the [BACKGROUND_PROCESS] section of the eg_report.ini file (in the <EG_INSTALL_DIR>\manager\config directory) is set to Yes.
    • The default selection in the Report Generation list will change according to the Timeline specified for the report. If the Timeline set is greater than or equal to the number of days specified against the MinDurationForReport parameter in the [BACKGROUND_PROCESS] section of the eg_report.ini file, then the default selection in the Report Generation list will be Background Save - PDF. On the other hand, if the Timeline set for the report is lesser than the value of the MinDurationForReport parameter, then the default selection in the Report Generation list will be Foreground. This is because, the MinDurationForReport setting governs when reports are to be processed in the background. By default, this parameter is set to 2 weeks - this indicates that by default, reports with a timeline of 2 weeks and above will be processed in the background.
  11. Click the Done button once you have made the necessary changes to the More Options drop down window.
  12. Finally, click the Run Report button to generate the report.

  13. If the Report type is Foreground Generation - HTML, then Figure 3 will appear as soon as you click the Run Report button.

    Figure 3 : The generated SSL Certificates report

    The generated report (see Figure 3) displays the following sections:

    • The Overview section reveals at a single glance the count of unique SSL certificates in the target environment over the chosen period of time, the count of SSL certificates with a validity greater than <N> days, the count of SSL certificates with a validity lesser than <N> days and the count of SSL certificates that had already expired over the chosen period of time.

      Note:

      Here, <N> is the number of days that you specify against the Minor threshold field under the Certificate Validation section of Figure 2. By default, it is 90 days.

    • The SSL Certificates table reveals further details of each SSL certificate such as the name of the SSL certificate (includes root/intermediate certificates too), the type/target of the SSL certificate, the validity and the component on which the SSL certificate is installed. To easily identify the SSL certificates that had expired already, the CERTIFICATE VALIDITY column for those certificates carry a value of 0 which is highlighted in bright red color (see Figure 3). Similarly, to easily identify the SSL Certificates that are about to expire, then, based on the number of days and the color-coding mentioned in the Critical/Major/Minor text boxes of the Certificate Validation field of Figure 2, the number of days for each certificate will be highlighted with appropriate colors in the CERTIFICATE VALIDITY column (see Figure 3).