Typically Runs From: Managed Cloud Agent
Is Auto-Discovered By: Internet Domain/DNS Inspector
Can Auto-Discover: N/A
Parent/Child Type Inspector: No
Video isn't playing? Click here.
Please note that this Inspector will issue dozens of requests in order to determine protocols and algorithms supported by the certificate.
If you wish to limit the connections/request please use the Bypass TLS Algorithm Checks feature in the Inspector template.
TLS/SSL Certificate Inspector
Not all associated domains will have a TLS/SSL inspection, although it is strongly recommended. You can confirm whether or not TLS/SSL exists for a site by simply setting up the Internet Domain & DNS inspection first and reviewing the Overview tab.
If it says "true," then it is strongly recommended that this Inspector be set up; however, if it says "false," then this Inspector is unnecessary.
Make sure that you have set up a Customer Environment
TLS/SSL Certificate Inspectors are Auto-Discovered by the Internet Domain/DNS Inspector. If you have rolled out an Inspector for the associated Internet Domain to this TLS/SSL Certificate, then follow the Auto-Discovery Roar Inspector Setup process.
If you have not rolled out an Inspector for the associated Internet Domain to this TLS/SSL Certificate, then follow our Internet Domain/DNS documentation to roll out that Inspector, and then follow the Auto-Discovery Roar Inspector Setup process.
If you do not plan to roll out an Inspector for the associated Internet Domain to the TLS/SSL Certificate, or there isn't an associated Internet Domain, then follow our Single Setup Roar Inspector Setup process.
If you have activated your Internet Domain/DNS Inspector(s), it will auto-discover your TLS/SSL Certificate Inspectors. Follow the steps below:
Navigate to Admin > Inspectors > Select TLS/SSL Certificate > Select the Discovered Systems tab
Here you can Activate your Discovered TLS/SSL Certificate Inspector(s):
- Select the checkbox to the left of the Inspector(s) that you would like to Activate
- Select the Actions drop down menu above the Discovered Systems table
- Select Activate Launchpoints
Missing Discovered Inspectors
Inspectors are Auto-Discovered after other Inspectors finish running. If you don't see an Auto-Discovered TLS/SSL Certificate Inspector as expected, then check that your associated Internet Domain/DNS Inspector has completed running.
In Roar, navigate to Admin > Inspectors > Navigate to the TLS/SSL Certificate Inspector > select Add System.
Fill in the following information:
- Friendly Name - We recommend using the actual "domain name + TLS/SSL" that will be inspected without any preceding characters (e.g. anydomain.com TLS/SSL) as this will make it easily searchable within the UI when in use.
- Agent - Select the agent to be used for the inspection (this should be the default ROAR-DEDICATED-LINUX)
- Domain - Provide the actual domain name without any prefixes like https:// or www (e.g. anydomain.com)
- The default scheduling settings of 1 per day is typically sufficient, but you have the option to adjust to another setting if necessary.
- Unless you are using the inspection for a defined period of time, it's best to leave the end date blank so that it will continue to run perpetually.
Leave the inspection version default (latest) unless instructed differently by a member of the Liongard team, as this will ensure that any improvements to the inspection automatically roll out.
Retries and Timeout
There are two additional settings "Number of Retries" and "Timeout" that contain default (recommended) settings. It's only necessary to adjust these settings if an inspection failure occurs, since some under-performing sites require additional adjustments for the inspection to properly complete, though very rare.
- Select Save to schedule the Inspector
This inspection typically runs 1-2 minutes once processing begins.
Last Updated: 2019-11-05