What it is
SSL/TLS certificates must be valid (trusted chain, correct hostname) and not expired. Certificate monitoring checks expiry date, hostname match, and chain validity so you can renew before the certificate expires.
Why it matters
Expired or invalid certificates cause browser errors and break HTTPS. Renewing in time and fixing chain/hostname issues avoids outages and loss of trust. Continuous monitoring gives advance warning.
How Barrion checks it
Barrion connects to your HTTPS endpoint and validates the certificate: expiry date, hostname match, and chain. We report certificates that are expired, expiring soon, or misconfigured. Checks are passive TLS handshakes only.
Verify it
echo | openssl s_client -connect example.com:443 -servername example.com 2>/dev/null | openssl x509 -noout -dates -subject