Monitoring the intermediate CA certificate expiration date now supported

Hello, Mackerel team CRE Nishiyama (id:tukaelu) here with another update announcement.

As you may know, Mackerel’s external URL monitoring enables you to monitor the SSL certificate expiration date. Incidentally, we’ve received numerous requests to include the same support for intermediate CA certificates as well. With this update, this is now possible.

Expiration dates of chained intermediate CA certificates can now be detected in advance, so be sure to check for this when external monitoring alerts occur.

You can check a certificate by executing a command like the one shown below. This command behaves in a similar fashion to Mackerel's external monitoring system. Make sure to replace the ‘’ sections in the following example with your target before running the command.

openssl s_client -servername -connect -showcerts </dev/null >c.pem
openssl crl2pkcs7 -nocrl -certfile c.pem | openssl pkcs7 -print_certs -text -noout

This feature was made possible thanks to the requests of Mackerel users.

Please feel free to contact our support team with any comments or questions regarding this update via the Mackerel Web Console.

We look forward to your feedback.