Overview
URL Monitors allow CertMS to actively monitor SSL/TLS certificates presented by websites and web services. By regularly scanning specified URLs, CertMS tracks certificate details, expiration dates, and changes, ensuring you’re alerted before certificates expire or are modified unexpectedly.
What is URL Monitoring?
URL monitoring connects to a specified web address and port to retrieve and analyze the SSL/TLS certificate being presented. This is ideal for:
- Public-facing websites
- Internal web applications
- API endpoints
- Load balancers and reverse proxies
- Any HTTPS service requiring certificate monitoring
Prerequisites
Before configuring URL monitors, ensure:
- You have the URLs and ports you want to monitor
- Network connectivity exists between CertMS scanners and target URLs
- Firewall rules allow outbound HTTPS connections from scanners
- You have appropriate permissions in CertMS to create monitors
Step-by-Step Configuration
Step 1: Access URL Monitor Management
- In the left-hand navigation menu, click on URL Monitors
- This page displays all currently configured URL Monitors
- Review existing monitors and their status
Step 2: Create New URL Monitor
- Click the Create New URL Monitor button
- Complete the required configuration fields
Step 3: Configure Monitor Settings
Required Fields
| Field | Description | Example |
|---|---|---|
| Monitor Name | Descriptive name for this monitor (required) | “Company Website – www.example.com“ |
| URL | Full URL or hostname to monitor (required) | https://www.example.com or www.example.com |
| Port | TCP port for SSL/TLS connection (defaults to 443) | 443 (standard HTTPS) |
| Monitoring Frequency | How often CertMS scans this URL (required) | Daily, Weekly, Hourly, etc. |
Scanner Assignment
| Field | Description | Default |
|---|---|---|
| Assigned Scanner | Which scanner performs the monitoring | Local Scanner |
Note: The Local Scanner is CertMS’s built-in scanner. If you have configured additional scanners (for internal networks or specific locations), you can select them here.
Scheduling Options
| Field | Description | Example |
|---|---|---|
| Start Date | When monitoring should begin | 2025-09-06 |
| Start Time | Time of day for first scan | 09:00 AM |
| Enabled | Activate/deactivate monitoring | ✅ Checked by default |
Step 4: Save the URL Monitor
- Review all entered information for accuracy
- Click Create or Save to create the URL Monitor
- The monitor will appear in your URL Monitors list
- Monitoring will begin based on your configured schedule
How URL Monitoring Works
Scanning Process
- Connection: Scanner connects to the specified URL and port
- Certificate Retrieval: SSL/TLS certificate is retrieved during handshake
- Analysis: Certificate details are extracted and analyzed
- Storage: Certificate information is stored in CertMS
- Alerting: Expiration warnings and changes trigger notifications
What Gets Monitored
CertMS tracks the following certificate information:
- Common Name (CN) and Subject Alternative Names (SANs)
- Issuer (Certificate Authority)
- Expiration date and validity period
- Certificate chain and intermediate certificates
- Key size and algorithm
- Serial number and fingerprint
Monitoring Frequency Options
Choose an appropriate monitoring frequency based on your needs:
| Frequency | Best For | Use Case |
|---|---|---|
| Hourly | Critical production systems | High-availability websites, payment systems |
| Daily | Standard websites and applications | Most corporate websites and services |
| Weekly | Internal applications | Development/staging environments |
| Monthly | Low-priority monitoring | Archive sites, rarely-accessed services |
Best Practice: Monitor production systems daily or more frequently to catch certificate issues quickly.
Scanner Selection
Local Scanner (Default)
- Built into CertMS
- Monitors publicly accessible URLs
- No additional configuration required
- Suitable for internet-facing websites
Custom Scanners
If you’ve configured additional scanners:
- Internal network scanners: Monitor intranet sites and internal applications
- Geographic scanners: Test certificate presentation from different locations
- DMZ scanners: Monitor services in demilitarized zones
Note: Custom scanner configuration is covered in advanced documentation. Contact support@certms.com for assistance setting up additional scanners.
Managing URL Monitors
Viewing Monitor Status
- Navigate to URL Monitors in the left-hand navigation
- View all monitors with current status:
- ✅ Active: Monitor is running and scanning successfully
- ⏸️ Disabled: Monitor is not currently active
Editing Existing Monitors
- Click on any URL Monitor in the list
- Modify settings as needed
- Save changes
Disabling Monitors
To temporarily stop monitoring without deleting:
- Open the URL Monitor
- Uncheck the Enabled checkbox
- Save changes
Deleting Monitors
To permanently remove a URL Monitor:
- Select the monitor from the list
- Click Delete or the delete icon
- Confirm deletion
Best Practices
URL Format
- Include protocol: Use
https://prefix when possible - Specify subdomains:
www.example.comvsexample.commay present different certificates - Test first: Verify the URL is accessible before creating the monitor
Port Configuration
- Standard HTTPS: Port 443 (default)
- Custom ports: Specify if your service uses non-standard ports (e.g., 8443)
- Multiple ports: Create separate monitors for the same URL on different ports
Monitoring Strategy
- Monitor all public endpoints: Include all customer-facing URLs
- Include load balancers: Monitor the load balancer certificate, not just backend servers
- Set appropriate frequency: Balance monitoring needs with system load
Organization
- Use descriptive names: Include environment and purpose (e.g., “Production API – api.example.com”)
- Group related monitors: Use consistent naming conventions
- Document custom ports: Note why non-standard ports are used
Troubleshooting
Common Issues
| Issue | Possible Cause | Solution |
|---|---|---|
| Connection failed | URL unreachable or firewall blocking | Verify URL accessibility and firewall rules |
| Certificate not found | Non-HTTPS URL or wrong port | Confirm URL uses HTTPS and port is correct |
| Timeout errors | Slow response or network issues | Check network connectivity and server response time |
| Scanner offline | Assigned scanner not running | Verify scanner status or switch to Local Scanner |
Verification Steps
- Test URL manually: Open the URL in a browser to verify it’s accessible
- Check certificate: View certificate in browser to confirm it’s being presented
- Verify port: Ensure the correct port is specified for HTTPS
- Review scanner status: Confirm assigned scanner is active and connected
- Check firewall rules: Ensure outbound HTTPS is allowed from scanner
Certificate Not Updating
If certificate information isn’t updating:
- Check monitoring frequency: Ensure enough time has passed for next scan
- Verify monitor is enabled: Confirm the Enabled checkbox is checked
- Review scanner logs: Check for errors in scanner execution
- Test connectivity: Manually verify URL is accessible from scanner location
Need Help? Contact our support team at support@certms.com for assistance with URL monitor configuration or troubleshooting connection issues.
