Inspiration
The idea struck me decisively when Let's Encrypt announced they would discontinue domain expiry notifications. Faced with the challenge of monitoring the extensive array of domains within my company, I took the initiative to create a web application that efficiently addresses this need. This solution seamlessly integrates with our existing resources on Azure.
Why You Must Monitor SSL
SSL certificate expiry can lead to significant downtime and pose security risks, adversely affecting both services and the company's reputation. Tracking SSL expirations manually across multiple domains is not only tedious but also grossly inefficient—I have personally experienced the limitations of spreadsheets. This inspired me to develop an automated monitoring solution that proactively tracks SSL expiry and provides timely notifications, preventing any service disruptions.
What It Does
The SSL Monitor Dashboard continuously tracks SSL certificate expiry for the domains you add. It stores the results in a PostgreSQL database and shows the days remaining until each domain's certificate expires. Domains approaching expiry are color-coded: Orange for those expiring in less than 30 days and Red for those in less than 7 days.
Azure Functions check and update expiry dates according to a defined schedule, ensuring that the dashboard reflects the most current data every time you access it. Additionally, there is a manual update feature for users who prefer it.
Currently, the dashboard provides visual notifications, but we are poised to implement future upgrades that will include notifications via email and other channels.
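The check-and-classify step described above, as an added example that is not the project's own code: it reads a certificate's notAfter, converts it to days remaining, and applies the 30-day and 7-day thresholds. The function names, the "ok" status, and treating expired or unverifiable certificates as red are assumptions made for this sketch.

```python
import socket
import ssl
from datetime import datetime, timedelta, timezone

ORANGE_DAYS = 30  # page: orange below 30 days
RED_DAYS = 7      # page: red below 7 days


def days_remaining(not_after, now=None):
    """Whole days until notAfter, e.g. 'Jan 31 00:00:00 2030 GMT'."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    now = now or datetime.now(timezone.utc)
    # Floor division: a certificate that expired an hour ago reports -1, not 0.
    return (expires - now) // timedelta(days=1)


def classify(days):
    """Map days remaining to the colours the page describes."""
    if days < RED_DAYS:  # assumption: already-expired certificates are red too
        return "red"
    if days < ORANGE_DAYS:
        return "orange"
    return "ok"


def fetch_not_after(host, port=443, timeout=5.0):
    """Read notAfter from the certificate a host serves (verification stays on)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


def check_domain(host, now=None):
    """One dashboard row: (host, days remaining or None, status)."""
    try:
        days = days_remaining(fetch_not_after(host), now)
    except ssl.SSLCertVerificationError as exc:
        # An expired or untrusted certificate fails the handshake before notAfter is readable.
        return host, None, f"red ({exc.verify_message})"
    except OSError as exc:
        return host, None, f"unreachable ({exc})"
    return host, days, classify(days)


if __name__ == "__main__":
    now = datetime(2030, 1, 1, tzinfo=timezone.utc)  # constructed clock
    for sample in ("Jan 31 00:00:00 2030 GMT", "Jan  7 12:00:00 2030 GMT"):  # constructed
        print(sample, classify(days_remaining(sample, now)))
```

Because certificate verification stays enabled, a certificate that has already expired surfaces as a handshake failure rather than a negative day count, so the monitor has to map that error to red itself.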
How It Was Built
The SSL Monitor Dashboard utilizes Azure Cloud Services to construct a scalable, secure, and automated monitoring system. Below is a list of the critical resources used in its creation:
- Azure Container Registry: This stores the Docker container for the application.
- Azure App Service and Web App: These host the web application and deliver the URL for user access to the dashboard.
- Azure Functions: They run essential tasks to update domain data as scheduled.
- Azure PostgreSQL: This securely stores SSL expiry data.
- Azure Key Vault: It safeguards sensitive credentials for seamless connectivity among Azure resources.
- Azure Blob Storage & Application Insights: These tools log and monitor application performance robustly.
- Azure DevOps CI/CD Pipeline: This automates the deployment of both resources and the application.
All infrastructure resources are created and integrated using Azure Bicep.
Challenges Encountered
Developing this application required me to engage with various tools and integrate multiple Azure resources. I faced notable challenges in establishing permissions with the principle of least privilege across Azure resources. However, I tackled this decisively by leveraging Managed Identities. The numerous permissions issues with Azure DevOps, GitHub, and other Azure resources were overcome by manually creating Managed Identities and assigning the necessary permissions.
Accomplishments We’re Proud Of
- We successfully integrated multiple Azure services to engineer a fully automated system.
- We implemented Infrastructure as Code (IaC) using Bicep to streamline resource deployment.
- We built a secure and scalable monitoring solution that eliminates the outdated practice of manual SSL expiry tracking.
What We Learned
- Cloud Security & IAM: We effectively leveraged Managed Identities for secure resource access.
- Infrastructure as Code (IaC): We utilized Bicep to define and manage Azure resources with precision.
- CI/CD Best Practices: We optimized pipeline workflows for seamless deployment.
- Optimizing Cloud Costs: We efficiently allocated Azure resources to achieve a balance between cost and performance.
What's Next for the SSL Monitor Dashboard
- Custom Alerts & Integrations: We are committed to adding email, Slack, and webhook notifications.
- Multi-Tenant Support: We will expand the dashboard to cater to teams and organizations.
- Enhanced Analytics: We aim to provide valuable insights into SSL trends and recommendations.
- Mobile Support: We will develop a mobile-friendly version of the dashboard.
This project has served as an exceptional learning experience, allowing me to merge DevOps, cloud computing, and security to effectively solve a real-world problem.
Built With
- azure
- azure-container-registry
- azure-devops
- azure-functions
- azure-webapp
- bicep
- blob-storage
- bootstrap
- docker
- flask
- github
- key-vault
- postgresql
- python
- sqlalchemy