Liongard Roar

Roar Users Guide & Documentation

Welcome! You'll find comprehensive guides and documentation to help MSPs start working with Liongard's Roar as quickly as possible, as well as support if you get stuck. Let's go #MakeITRoar!

Get Started    

TLS/SSL Certificates

This document provides the steps required to configure the TLS/SSL Certificates Inspector.

Quick Details

Typically Runs From: Managed Cloud Agent
Is Auto-Discovered By: Internet Domain/DNS Inspector
Can Auto-Discover: N/A
Parent/Child Type Inspector: No

Overview

See it in Action

Video isn't playing? Click here.

Rate/Request Limits

Please note that this Inspector will issue dozens of requests in order to determine protocols and algorithms supported by the certificate.

If you wish to limit the connections/request please use the Bypass TLS Algorithm Checks feature in the Inspector template.

TLS/SSL Certificate Inspector

Not all associated domains will have a TLS/SSL inspection, although it is strongly recommended. You can confirm whether or not TLS/SSL exists for a site by simply setting up the Internet Domain & DNS inspection first and reviewing the Overview tab.

If it says "true," then it is strongly recommended that this Inspector be set up; however, if it says "false," then this Inspector is unnecessary.

Customer Environment

Make sure that you have set up a Customer Environment

Inspector Setup Preparation

TLS/SSL Certificate Inspectors are Auto-Discovered by the Internet Domain/DNS Inspector. If you have rolled out an Inspector for the associated Internet Domain to this TLS/SSL Certificate, then follow the Auto-Discovery Roar Inspector Setup process.

If you have not rolled out an Inspector for the associated Internet Domain to this TLS/SSL Certificate, then follow our Internet Domain/DNS documentation to roll out that Inspector, and then follow the Auto-Discovery Roar Inspector Setup process.

If you do not plan to roll out an Inspector for the associated Internet Domain to the TLS/SSL Certificate, or there isn't an associated Internet Domain, then follow our Single Setup Roar Inspector Setup process.

Roar Inspector Setup

Activating Auto-Discovered Inspectors

If you have activated your Internet Domain/DNS Inspector(s), it will auto-discover your TLS/SSL Certificate Inspectors. Follow the steps below:

Navigate to Admin > Inspectors > Select TLS/SSL Certificate > Select the Discovered Systems tab

Here you can Activate your Discovered TLS/SSL Certificate Inspector(s):

  • Select the checkbox to the left of the Inspector(s) that you would like to Activate
  • Select the Actions drop down menu above the Discovered Systems table
  • Select Activate Launchpoints

Missing Discovered Inspectors

Inspectors are Auto-Discovered after other Inspectors finish running. If you don't see an Auto-Discovered TLS/SSL Certificate Inspector as expected, then check that your associated Internet Domain/DNS Inspector has completed running.

Single Roar Inspector Setup

In Roar, navigate to Admin > Inspectors > Navigate to the TLS/SSL Certificate Inspector > select Add System.

Fill in the following information:

  • Friendly Name - We recommend using the actual "domain name + TLS/SSL" that will be inspected without any preceding characters (e.g. anydomain.com TLS/SSL) as this will make it easily searchable within the UI when in use.
  • Agent - Select the agent to be used for the inspection (this should be the default ROAR-DEDICATED-LINUX)
  • Domain - Provide the actual domain name without any prefixes like https:// or www (e.g. anydomain.com)

Schedule

  • The default scheduling settings of 1 per day is typically sufficient, but you have the option to adjust to another setting if necessary.
  • Unless you are using the inspection for a defined period of time, it's best to leave the end date blank so that it will continue to run perpetually.

Inspector Version
Leave the inspection version default (latest) unless instructed differently by a member of the Liongard team, as this will ensure that any improvements to the inspection automatically roll out.

Retries and Timeout
There are two additional settings "Number of Retries" and "Timeout" that contain default (recommended) settings. It's only necessary to adjust these settings if an inspection failure occurs, since some under-performing sites require additional adjustments for the inspection to properly complete, though very rare.

  • Select Save to schedule the Inspector

This inspection typically runs 1-2 minutes once processing begins.

Last Updated: 2019-11-05

TLS/SSL Certificates


This document provides the steps required to configure the TLS/SSL Certificates Inspector.

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.