I am very sorry that you were fired. I wouldn't go into "why".
If you or someone else runs/monitors SSL certificates it is highly advised to follow industry news.
There are blogs, Twitter accounts, newsletters etc. Especially closely listen to the CA that signs your certificates. All the best to you! Idézem/Quoting [email protected]:
I configured monit to monitor the TLS certificate validity of all of our highly productive websites. To all websites, the unnecessary full certificate (without root CA) was installed. However, on 30th of May 2020 one of the chain certificates (COMODO) ran out of its validity period. Obviously monit only checks for the server certificate, that's why the check did not notice this, and such a check is completely pointless. It led to a massive damage to my company, and since I was to deal with monitoring as well as TLS certificates, I had to move on to find a new job. During the notice period, I implemented an own check in PHP and let monit execute this PHP program to check TLS certificates. This PHP program did not just check the entire chain, but also the chain against the system's own trust store (in /etc/ssl/certs). I think it would be an interesting feature to deal with TLS certificates like this in monit in order to avoid more people losing the jobs.
SZÉPE Viktor, webes alkalmazás üzemeltetés / Running your application https://github.com/szepeviktor/debian-server-tools/blob/master/CV.md ~~~ ügyelet 🌶️ hotline: +36-20-4242498 [email protected] skype: szepe.viktor Budapest, III. kerület
smime.p7s
Description: S/MIME Signature
