I have weekly Continuous Monitoring alerts sent out to my server admin teams regarding the expiration and future expiration of SSL certificates. I'm currently using a ruleset to trigger when a certificate is Expired, Expiring in 10 days, and Expiring in 30 days.
We are in the process of upgrading our Qualys VM infrastructure from appliance scanning to the Cloud Agent, but we are still about 90% appliance scanning.
Our Continuous Monitoring alerts will alert on expired (or soon to expire) certificates that have already been updated. I understand about the "Info from the last scan" however and example would be:
1. Certificate was updated last Friday(or so I was told)
2. The system was Authenticated scanned the following Wednesday
3. Thursday, the alert came out that the certificate would expire within 30 days
When I look for details of the alert in the console, I find the closest match to the alert and it's been a valid cert with at least a year before expiring. This has happened many times and they always ask me to prove the alert.
Will this be cleared up when CA is installed on all systems?
Is there an easier way to match the alert with the potential expired certificate?
Thank you for your help!