subhorachana
asked on
SSL certificate expiration issue
Hello,
We have an external facing https:\\ web service hosted on IIS that has a Digicert SSL certificate.
The client is accessing this web service. On friday the certificate expired and we did not have any monitoring in place to identify that it expired.
When we tried to acces sthe web service from URL on IE to see why the client was not able to submit the messages to the web services. the WS was responding, so we did not really realise that the certificate had expired and the client was not able to submit messages to the web service due to the expiration of the certificate.
The issue , that the web service was not accepting message , was due to certificate expiration was caught by the client.
Was there any way we could have caught the issue, esp because the web service was opeing in the URL properly.What else can we do to catch such issues?and what could we have done to make sure that the web service was responding the way it should have?
Please suggest.
We have an external facing https:\\ web service hosted on IIS that has a Digicert SSL certificate.
The client is accessing this web service. On friday the certificate expired and we did not have any monitoring in place to identify that it expired.
When we tried to acces sthe web service from URL on IE to see why the client was not able to submit the messages to the web services. the WS was responding, so we did not really realise that the certificate had expired and the client was not able to submit messages to the web service due to the expiration of the certificate.
The issue , that the web service was not accepting message , was due to certificate expiration was caught by the client.
Was there any way we could have caught the issue, esp because the web service was opeing in the URL properly.What else can we do to catch such issues?and what could we have done to make sure that the web service was responding the way it should have?
Please suggest.
ASKER
Ok , other than the tool, is there anything we could have done on friday to test that the web service is not accepting new requests.I ask this because there was no error logged on the IIS log, neither was the web service down..SO it was a little confusing to find the issue.
How does the SSL certificate expiration cause issue and how to catch it?
How does the SSL certificate expiration cause issue and how to catch it?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Just did a quick search on Google and it gave me the OpenSSL client (for Windows and Linux) solution again:
http://stackoverflow.com/questions/793556/getting-ssl-certificate-issued-to-programatically
You can use this client on the command line and query the results to see if you are having SSL troubles.
http://stackoverflow.com/questions/793556/getting-ssl-certificate-issued-to-programatically
You can use this client on the command line and query the results to see if you are having SSL troubles.
ASKER
Thanks for the explanation.
Is there any site/blog that explains more?
Is there any site/blog that explains more?
Sure, the Wikipedia article is pretty good, although it mainly describes the successor TLS (which is some kind of an SSL extension, the mechanisms are the same):
http://en.wikipedia.org/wiki/Transport_Layer_Security
This article gives a more in-detail description of how SSL works:
http://linux.chinaunix.net/techdoc/net/2009/04/28/1109216.shtml
HTH!
http://en.wikipedia.org/wiki/Transport_Layer_Security
This article gives a more in-detail description of how SSL works:
http://linux.chinaunix.net/techdoc/net/2009/04/28/1109216.shtml
HTH!
http://www.fiddler2.com/fiddler2/
Fiddler is a web debugging tool to monitor and check network traffic and it's also capable to test SSL connections.
If you are on Linux/Unix, try the OpenSSL client, there is an excellent tutorial on cyberciti.biz:
http://www.cyberciti.biz/faq/test-ssl-certificates-diagnosis-ssl-certificate/