Transport Layer Security (TLS) is a cryptographic protocol commonly used to provide secure network communication between web servers and browsers. TLS has been the main communication security strategy since 2015, when its predecessor, Secure Sockets Layer (SSL), was declared insufficiently secure by RFC 7568. With Datadog’s new integration you can monitor the status of TLS certificates along with the rest of your web stack to ensure that your network communication remains private, reliable, and secure.
To establish a secure connection, a client (e.g., a web browser) and a server must complete a series of steps (known as a “handshake”) to authenticate their identities and agree on a data encryption method. To facilitate these handshakes, applications refer to data stored in TLS certificates. If a certificate is expired or isn’t formatted properly, handshakes will fail and web servers and browsers won’t be able to communicate securely. This can lead to downtime, which hurts traffic and damages user trust.
With Datadog’s TLS integration, you can automatically get alerted whenever any TLS certificate is close to its expiration date, giving you enough time to renew the certificate(s) without any gaps in coverage.
The Datadog Agent automatically runs checks on your TLS certificates and displays their real-time status in an out-of-the-box dashboard. One type of status check helps ensure that TLS certificates are valid. If the Agent detects a validation error (e.g., an improperly formatted certificate, or a hostname on the certificate that doesn’t match the hostname of the server it belongs to), the validation check will fail, prompting you to troubleshoot and review your TLS configuration.
You can also configure the Agent to track the expiration status of your TLS certificates. By default, the Agent will return a `CRITICAL` status if a certificate is within seven days of its expiration date, giving you enough time to renew it before your service experiences any downtime.
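The validity and expiration checks described above, sketched in Python as an added example (this is not Datadog Agent code). It evaluates a certificate dict in the shape returned by `ssl.SSLSocket.getpeercert()`; the sample certificate, the function and parameter names, the `OK`/`WARNING` status names and the 14-day warning threshold are assumptions, while the seven-day `CRITICAL` default comes from the text.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.api.example.com")),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jun 30 23:59:59 2024 GMT",
}

def hostname_matches(cert, hostname):
    """True if hostname matches a DNS subjectAltName entry of the certificate."""
    host = hostname.lower().rstrip(".")
    for kind, pattern in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        pattern = pattern.lower()
        if pattern == host:
            return True
        if pattern.startswith("*.") and "." in host:
            # A wildcard stands for exactly one leftmost label.
            if host.split(".", 1)[1] == pattern[2:]:
                return True
    return False

def check_certificate(cert, hostname, now, days_critical=7, days_warning=14):
    """Return (status, reason) for a parsed certificate at `now` (aware UTC datetime).

    days_critical=7 follows the default described in the text;
    days_warning=14 is an assumed value for illustration.
    """
    if not hostname_matches(cert, hostname):
        return "CRITICAL", "hostname mismatch"
    ts = now.timestamp()
    if ts < ssl.cert_time_to_seconds(cert["notBefore"]):
        return "CRITICAL", "not yet valid"
    seconds_left = ssl.cert_time_to_seconds(cert["notAfter"]) - ts
    if seconds_left <= 0:
        return "CRITICAL", "expired"
    days_left = seconds_left / 86400
    if days_left < days_critical:
        return "CRITICAL", f"expires in {days_left:.1f} days"
    if days_left < days_warning:
        return "WARNING", f"expires in {days_left:.1f} days"
    return "OK", f"expires in {days_left:.1f} days"

if __name__ == "__main__":
    print(check_certificate(SAMPLE_CERT, "www.example.com", datetime.now(timezone.utc)))
```

Passing `now` explicitly keeps the result reproducible, so the same certificate can be evaluated at several dates to see where each threshold starts to apply.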
For further visibility, you can clone the TLS dashboard and add custom metrics from other parts of your environment, as shown below.
If your organization manages large numbers of TLS certificates—which may all run on different expiration schedules—you can create a top list to see which certificates are closest to expiration, so you don’t forget to renew any of them.
With Datadog’s TLS integration, you can customize dashboards to include TLS status widgets alongside health and performance data from the various components of your web stack. If you are monitoring a MEAN stack, for instance, you can display the status of your TLS certificates alongside key MongoDB and ExpressJS metrics for a comprehensive overview of your web application infrastructure. This makes it easy to see if TLS certificates associated with your web application are invalid or about to expire.
Datadog is pleased to provide visibility into TLS along with more than 600 other technologies, including MongoDB, NGINX, and Apache. With our new integration, you’ll be able to monitor the status of your TLS certificates alongside all the other services in your web stack.
If you aren’t already using Datadog to monitor the health of your web stack, get started with a 14-day free trial.