SSL certificate expiration issue

Hello,
We have an external facing https:\\ web service hosted on IIS that has a Digicert SSL certificate.
The client is accessing this web service. On friday the certificate expired and we did not have any monitoring in place to identify that it expired.
When we tried to acces sthe web service from URL on IE to see why the client was not able to submit the messages to the web services. the WS was responding, so we did not really realise that the certificate had expired and the client was not able to submit messages to the web service due to the expiration of the certificate.
The issue , that the web service was not accepting message , was due to certificate expiration was caught by the client.
Was  there any way we could have caught the issue, esp because the web service was opeing in the URL properly.What else can we do to catch such issues?and what could we have done to make sure that the web service was responding the way it should have?
Please suggest.
subhorachanaAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

SwafnilCommented:
I would recommend using Fiddler2:

http://www.fiddler2.com/fiddler2/

Fiddler is a web debugging tool to monitor and check network traffic and it's also capable to test SSL connections.

If you are on Linux/Unix, try the OpenSSL client, there is an excellent tutorial on cyberciti.biz:

http://www.cyberciti.biz/faq/test-ssl-certificates-diagnosis-ssl-certificate/
0
subhorachanaAuthor Commented:
Ok , other than the tool, is there anything we could have done on friday to test that the web service is not accepting new requests.I ask this because there was no error logged on the IIS log, neither was the web service down..SO it was a little confusing to find the issue.

How does the SSL certificate expiration cause issue and how to catch it?
0
SwafnilCommented:
Each certificate is issued for a predefined amount of time, i.e. self-signed certifcates on IIS are generated with a default validity period of 1 year. After the SSL certificate has been installed on the web server, SSL encrypted connections can be negotiated when a SSL enabled client accesses a page over HTTPS, the entire encryption process is started through the calling SSL client, there is no server process running anywhere checking if a certificate expired. The negotiation process will be interrupted if the client a) thinks the certificate has not been issued by a trusted authority or b) the certificate has expired, again it's the client interrupting the connection, no server process involved.

If you are on Windows you can manually check the validity through "inetmgr.msc" (available on servers running IIS) but as far as I know there is no programmatic way to check validity with the default tools shipping with most OS's.

How about storing the day of expiration on Outlook? ;-)
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

SwafnilCommented:
Just did a quick search on Google and it gave me the OpenSSL client (for Windows and Linux) solution again:

http://stackoverflow.com/questions/793556/getting-ssl-certificate-issued-to-programatically

You can use this client on the command line and query the results to see if you are having SSL troubles.
0
subhorachanaAuthor Commented:
Thanks for the explanation.
Is there any site/blog that explains more?
0
SwafnilCommented:
Sure, the Wikipedia article is pretty good, although it mainly describes the successor TLS (which is some kind of an SSL extension, the mechanisms are the same):

http://en.wikipedia.org/wiki/Transport_Layer_Security

This article gives a more in-detail description of how SSL works:

http://linux.chinaunix.net/techdoc/net/2009/04/28/1109216.shtml

HTH!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.