Configuration
General Settings
Expiration Imminent: The highest level of alerting, indicating that certificate expiration is imminent. Crossing this threshold triggers a problem with the AVAILABILITY severity. Expired certificates will also alert at this alert level.
Expiration Soon: The initial alerting level. Crossing this threshold triggers a problem with the ERROR severity. The certificate not_valid_after date requires attention but expiration is not yet imminent.
Interval between certificate discovery and metadata checks (hours): The frequency with which the extension will update discovered certificates and process the available data. During initial setup and testing, a smaller value may be appropriate. Once the extension is fully configured, an interval of 8 hours is recommended.
In addition to determining how often certificate discovery and metadata updates take place, the check interval determines how problems are resolved. All certificate problems will remain open until a certificate check can confirm that the problem has been resolved. An interval of 24 hours will cause a certificate problem to remain open a minimum of 24 hours. The problem will not resolve until the next check can determine if the problem is resolved.
Unified Analysis Screens and Certificate Status Metric: Unified Analysis Screens contain metadata on all discovered certificates. This features requires the collection of data using the Certificate Status metric (certificate.monitor.status). For the best experience, it isrecommended to enable metric collection. When disabled, extension functionality is limited to alert creation and log events. This option consumes DDUs.
Annual DDU consumption is calculated using the following formula:<# of discovered certificates> x <24 / certificate check interval (hours)> x 365 x 0.001. e.g., A single certificate checked every 8 hours will consume ~3 (1 x (24/3) x 365 x 0.001)DDUs per year
Port Range Customization
Optional feature to define inclusive and exclusive port ranges during certificate discovery.
Port range to include: A range of ports can be expressed with a hyphen. Individual or groups of ports can be separated with a semicolon. i.e. 443;1024-2000;50000-51000
Port range to exclude: An optional range of ports to exclude. This setting is applied after the include rule. For example, if ports 400-410 are included and port 405 is excluded, the resulting set of ports will be 400-404 and 406-410.
Filter processes by technology type
Optional setting to limit certificate checks to specific technology types. This filter can be set to include only the technologies listed or to exclude the technologies listed from monitoring.
Add Technology: Add a technology to the filter defined above. The technology types available are the "Main Technology" types that are present in process views. Some processes will show multiple entries under "Main technology". Technology type filter uses OR logic. A process that lists "IIS, IIS App Pool and .NET" as main technologies will be monitored if any combination of the technologies is added to this filter.
Add additional SNI domains
Optional setting to configure additional SNI (Server Name Indication) domains
Add Domain: An advanced setting to provide a list of domains to use in with Server Name Indication. SNI is an extension to the TLS protocol which is used in HTTPS. Use this setting to specify the domain name of a website during the initial TLS Handshake instead of when the HTTPS connection opens after the handshake.
Log certificate status
Log certificate status interval: The extension will log event metadata when a certificate is in a warning state. In addition, the extension will also periodically log certificate metadata of certificates in a healthy state. The purpose of this setting is to make it possible to query for certificate metadata regardless of the health state of the certificate.
Check hosts by domain name
Optional list of domains to check directly. The extension will attempt to open a connection to the domains provided. This feature requires that the extension host is able to establish a connection to the domain.Currently in early preview. Only monitor a domain on a single local monitoring configuration. In most cases, it is recommended to deploy this extension remotely (on an ActiveGate) for domain based monitoring.
Add domain: Optionally provide a list of domains that they extension will check directly.
Enable Debug
Check this box to enable debug level logging. Logs are available (by default) on Linux at:/var/lib/dynatrace/remotepluginmodule/log/extensions/datasources and on Windows at:C:\ProgramData\dynatrace\remotepluginmodule\log\extensions\datasources
