Typically Runs From: Managed Cloud Agent
Is Auto-Discovered By: Internet Domain/DNS Inspector
Can Auto-Discover: N/A
Parent/Child Type Inspector: No
Video isn't playing? Click here.
Please note that this Inspector will issue dozens of requests in order to determine protocols and algorithms supported by the certificate.
If you wish to limit the connections/request please use the Bypass TLS Algorithm Checks feature in the Inspector template.
TLS/SSL Certificate Inspector
Not all associated domains will have a TLS/SSL inspection, although it is strongly recommended. You can confirm whether or not TLS/SSL exists for a site by simply setting up the Internet Domain & DNS inspection first and reviewing the Overview tab.
If it says "true," then it is strongly recommended that this Inspector be set up; however, if it says "false," then this Inspector is unnecessary.
Make sure that you have set up a Customer Environment
TLS/SSL Certificate Inspectors are Auto-Discovered by the Internet Domain/DNS Inspector. If you have rolled out an Inspector for the associated Internet Domain to this TLS/SSL Certificate, then follow the Auto-Discovery Roar Inspector Setup process.
If you have not rolled out an Inspector for the associated Internet Domain to this TLS/SSL Certificate, then follow our Internet Domain/DNS documentation to roll out that Inspector, and then follow the Auto-Discovery Roar Inspector Setup process.
If you do not plan to roll out an Inspector for the associated Internet Domain to the TLS/SSL Certificate, or there isn't an associated Internet Domain, then follow our Single Setup Roar Inspector Setup process.
If you have activated your Internet Domain/DNS Inspector(s), it will auto-discover your TLS/SSL Certificate Inspectors. Follow the steps below:
Navigate to Admin > Inspectors > Select TLS/SSL Certificate > Select the Discovered Systems tab
Here you can Activate your Discovered TLS/SSL Certificate Inspector(s):
- Select the checkbox to the left of the Inspector(s) that you would like to Activate
- Select the Actions drop down menu above the Discovered Systems table
- Select Activate Launchpoints
Missing Discovered Inspectors
Inspectors are Auto-Discovered after other Inspectors finish running. If you don't see an Auto-Discovered TLS/SSL Certificate Inspector as expected, then check that your associated Internet Domain/DNS Inspector has completed running.
In Roar, navigate to Admin > Inspectors > Navigate to the TLS/SSL Certificate Inspector > select Add System.
Fill in the following information:
- Environment: Select the Environment this System should be associated to
- Friendly Name: Suggested "[Domain Name without any preceding characters] TLS/SSL". For example, "anydomain.com TLS/SSL".
- Agent: Cloud-Linux
- Domain: Provide the actual domain name without any prefixes like https:// or www (e.g. anydomain.com)
- Bypass TLS Algorithm Checks: If you would like to avoid a large number of requests from hitting your website, turn this feature on. It will bypass checks on algorithms and protocols the certificate can accept.
Retries and Timeout
The fields "Number of Retries" and "Timeout" that contain default (recommended) settings. It's only necessary to adjust these settings if an inspection failure occurs.
Though very rare, some under-performing sites may require additional adjustments for the inspection to properly complete.
- Number of Retries: Default settings are recommended
- Timeout (Secs):Default settings are recommended
- Scheduling: The Inspector will default to run once a day at the time the Inspector is set up. Here you can adjust the schedule
- Inspector Version: Latest
Select Save. The Inspector will now be triggered to run within the minute.
Last Updated: 2019-11-22
Updated about a month ago