You already know that mySites.guru is an amazing unique dashboard, bringing together information from all your Joomla and WordPress sites in one place, but there are some smaller features that we, and our customers just take for granted, as they only activate when something goes wrong.
SSL Certificate checks are one such feature that gets invoked when things go wrong with your site, and when you really need to be alerted to it.
Since 2012, when we snapshot your Joomla or WordPress site as part of our security audit for Joomla, we download a copy of your public SSL Certificate active on your domain, the same way a browser would.
We then collect the SSL Issuer, Expiration Date and check the SSL Certificate Validation Chain right along the chain to ensure that all the intermediate certificates are also valid.
SSL is a complex thing under the hood, and there are many other checks we make of your SSL Implementation, including the ciphers users and the actual minimum level of security that your site allows.
If your site accepts any insecure encryption methods, we will alert you by email about this.
We also distinguish cPanel and Let’s Encrypt SSL Certificates as these are normally web host provided and auto-renewed without user intervention, these are shown with custom icons on your dashboard.
Short Expiration Dates Now Standard
The whole SSL Ecosystem is moving towards shorter and shorter expiration times. Whereas the norm used to be 2 years to 5 years, with the invention of auto-renewalable SSL with Let’s Encrypt, that time has been drastically reduced to just a few months.
This means that, if the process fails, your site can be taken offline to visitors (by browser security) if your certificate is invalid or expired.
This is why mySites.guru gives you a overview of your SSL Certificates, listed by expiration date
On this screen you can also export the list to CSV file for further offline processing should you wish.
Alerting of expiration date approaching
By default, we will alert you if your SSL gets within 2 days of expiration. Under normal circumstances this should never happen!
However we know that some people have specific requirements and 2 days might be too short for business processes or manual renewals, so we allow you to configure the number of days before expiration that we alert on.
BONUS: Our Recommendation, Integration with Qualys Tools.
The industry standard tool for testing SSL Certificate implementations is the Qualys Tools.
mySites.guru gives you integration with this tool within the Learn More page in the SSL Snapshot tool.
This tool will give you LOADS of technical information about your SSL Implementation, and your underlying web server security.
