OCI Certificates monitoring
Managing certificates across compartments and environments can be difficult. Missing an expiration or deletion event can lead to application downtime or trust chain failures. Oracle Cloud Infrastructure (OCI) Certificates is a managed service used to issue, manage, and renew SSL TLS certificates and Certificate Authorities (CAs). It helps secure communication between services by handling certificate life cycle operations.
Site24x7 integrates with OCI Certificates to provide visibility into certificate life cycle and CA health from a single console. This integration with OCI CA also provides the following child monitor:
- Certificate: Monitors individual certificates issued by a CA, including certificate age, version life cycle, and expiration timelines.
With this setup, you can monitor both CA-level health and individual certificate status in one place, helping you detect risks early and avoid service disruptions.
Benefits of Site24x7’s OCI Certificates integration
Site24x7's integration with OCI Certificates provides you with the following benefits:
- Proactive expiration monitoring: Get alerts before certificates or CA versions expire.
- Full trust chain visibility: Monitor both CAs and certificates in one place.
- Centralized monitoring: Track certificates across compartments and regions.
- Life cycle tracking: Monitor age, validity, and deletion timelines.
- Faster issue detection: Identify risks early and take action before impact.
Use case
A company runs multiple customer-facing applications on OCI, including a web portal and APIs secured using SSL TLS certificates issued by a private CA. Each application depends on valid certificates to establish secure connections. If a certificate expires, users may see security warnings or fail to access the service. If the CA itself expires or is deleted, all certificates issued under it become invalid, causing a wider outage.
With Site24x7’s OCI Certificates integration, the operations team monitors both the CA and all issued certificates in one place. It receives alerts when a certificate is nearing its expiration date, e.g., 30 days in advance, and can renew it before it impacts users. Simultaneously, the team tracks the CA’s validity to ensure the trust chain remains intact. This helps the team avoid unexpected downtime, maintain secure communication, and stay compliant with internal security policies.
Setup and configuration
To get started with OCI Certificates monitoring, complete the following setup steps:
- Site24x7 uses cross-tenancy access to monitor your resources using Site24x7's tenancy user. Log in to your Site24x7 account and create a specific policy to allow Site24x7 to view your resources without affecting your security.
- On the Integrate OCI Monitor page, select OCI Certificates from the Services to be discovered list.
Permissions
Ensure that Site24x7 receives the following permissions to monitor the OCI Certificates:
- read certificates
- read certificate-authorities
Polling frequency
Site24x7 queries OCI service-level APIs according to the set polling frequency (from once a minute to once a day) to collect metrics from an OCI Certificates monitor.
Supported metrics
The supported metrics for an OCI Certificate Authority monitor are provided below.
OCI CA
| Metric name | Description | Statistics | Unit |
|---|---|---|---|
| CA Age | Time since CA creation. | Time | Average |
| CA Time Of Deletion | Time remaining before deletion. | Time | Average |
| CA Version Age | Age of current CA version. | Time | Average |
| CA Version Remaining Validity | Time remaining before CA expiration. | Time | Average |
OCI Certificate
| Metric name | Description | Statistics | Unit |
|---|---|---|---|
| Certificate Age | Time since certificate creation. | Time | Average |
| Certificate Time Of Deletion | Time remaining before deletion. | Time | Average |
| Certificate Version Age | Age of current version. | Time | Average |
| Certificate Version Remaining Validity | Time remaining before expiration. | Time | Average |
Threshold configuration
To configure thresholds for an OCI CA and Certificate monitor:
- Log in to your Site24x7 account and navigate to Admin > Configuration Profiles > Threshold and Availability.
- Click Add Threshold Profile.
- Select the applicable monitor type from the Monitor Type drop-down menu. The applicable monitor types are Certificate Authority and Certificate. The supported metrics are displayed in the Threshold Configuration section. You can set threshold values for all the metrics mentioned above.
- Click Save.
Status propagation
Site24x7’s OCI Certificates integration supports status propagation. This helps you manage alerts by routing certificate level issues through the Certificate Authority monitor.
When status propagation is enabled:
- Alerts for child monitors such as individual certificates are disabled by default.
- Status change alerts from certificate monitors are suppressed unless you set Skip Alert to No in the Edit Threshold page.
- You receive a single alert from the Certificate Authority monitor instead of multiple alerts from each certificate. This reduces alert noise and makes it easier to track issues at the trust chain level.
Alerts are automatically disabled for child monitors that support status propagation.
For example, if a certificate issued by a CA is nearing its expiration date or has an issue, the Certificate Authority monitor raises a single alert indicating a problem within that CA, instead of triggering separate alerts for each certificate.
Organize OCI Certificates using Monitor Groups
Monitor Groups in Site24x7 help you organize CA and Certificate monitors based on how your OCI environment is structured. You can group monitors by application, environment such as production or staging, or by business unit. This becomes useful when multiple certificates support a single service or when a CA issues certificates across different applications.
With this integration, Monitor Groups give you a consolidated view of certificate health and dependencies. For example, you can group all certificates tied to a customer-facing application along with their issuing CA. This makes it easier to understand the impact of an expiring certificate or CA on that application. It also simplifies alert management, since notifications can be configured at the group level instead of for individual monitors.
Plan certificate expiration and renewal with Capacity Planning
Capacity Planning in Site24x7 can be used to analyze certificate and CA life cycle trends over time. While certificates do not consume capacity in a traditional sense, their validity periods and rotation cycles behave like predictable time based resources.
Using this feature with OCI Certificates monitoring, you can track how long certificates and CA versions remain valid and identify patterns in renewal cycles. This helps teams plan renewals in advance instead of reacting to last minute alerts. For example, if multiple certificates are set to expire within the same window, you can schedule renewals in a controlled manner to avoid operational spikes or missed deadlines. It also supports compliance by ensuring rotation policies are consistently followed across environments.
Licensing
- Each OCI CA and Certificate monitor utilizes one basic monitor license.
Viewing OCI Certificates data
To monitor your OCI Certificates environment, log in to your Site24x7 account and navigate to Cloud > OCI > Certificates.
Monitor data
OCI Certificate Authority
The monitor data for OCI Certificate Authority is given below.
Summary
The Summary tab offers a comprehensive overview of the events timeline and metrics, presenting insightful charts that shed light on the performance of your OCI Certificate Authority monitor.
Configuration
The Configuration tab displays the core configuration details of the CA. This includes CA settings, current version details, subject information, rule configuration, and revocation details. This tab helps you understand how the CA is configured and its current operational state.
Subordinate CA's
The Subordinate CA's tab lists all subordinate CAs issued under the selected CA. This helps you track the CA hierarchy and understand how trust is distributed across your public key infrastructure setup.
OCI Certificates
The Certificates tab displays all certificates signed and issued by the CA. This view helps you identify dependent certificates and assess the impact of any CA-level changes.
Associations
The Associations tab displays association details of the CA with other resources. This helps you understand where and how the CA is being used across your environment.
Versions
The Versions tab provides details of all CA versions, including historical and current versions. This helps track version life cycle and supports rotation and compliance requirements.
Zia Forecast
The Zia Forecast tab displays the forecast chart with future points of a performance metric (measurement of resource usage) based on historical time series data. Historical data, of up to 30 days, is used to predict what your metric usage will be in the next seven days.
Outages
The Outages tab provides details on an outage's Start Time, End Time, Duration, and Comments, if any.
Notes
The Notes tab provides details like Resource ID, Region, Monitor Licensing Category, and much more. The Threshold and Availability Profile and the Notification Profile can be set according to the user and viewed in this tab.
Log Report
The Log Report tab provides a consolidated report of the OCI Certificate Authority monitor's log status, which can be downloaded as a CSV file.
Alert Logs
The Alert Logs tab displays a chronological list of all triggered alerts related to the Certificate Authority monitor. This tab helps you trace alert history and severity to assess issues and validate threshold settings.
OCI Certificate
The monitor data for OCI Certificate monitor is given below.
Summary
The Summary tab offers a comprehensive overview of the events timeline and metrics, presenting insightful charts that shed light on the performance of your Certificate monitor.
Configuration
The Configuration tab displays the core configuration details of the Certificate monitor. This includes Certificate settings, current version details, subject information, rule configuration, and revocation details. This tab helps you understand how the Certificate is configured and its current operational state.
Associations
The Associations tab displays association details of the Certificate with other resources. This helps you understand where and how the Certificate is being used across your environment.
Versions
The Versions tab provides details of all Certificate versions, including historical and current versions. This helps track version life cycle and supports rotation and compliance requirements.
Outages
The Outages tab provides details on an outage's Start Time, End Time, Duration, and Comments, if any.
Notes
The Notes tab provides details like Resource ID, Region, Monitor Licensing Category, and much more. The Threshold and Availability Profile and the Notification Profile can be set according to the user and viewed in this tab.
Log Report
The Log Report tab provides a consolidated report of the Certificate monitor's log status, which can be downloaded as a CSV file.
Alert Logs
The Alert Logs tab displays a chronological list of all triggered alerts related to the Certificate monitor. This tab helps you trace alert history and severity to assess issues and validate threshold settings.
-
On this page
- Benefits of Site24x7’s OCI Certificates integration
- Use case
- Setup and configuration
- Permissions
- Polling frequency
- Supported metrics
- Threshold configuration
- Status propagation
- Organize OCI Certificates using Monitor Groups
- Plan certificate expiration and renewal with Capacity Planning
- Licensing
- Viewing OCI Certificates data
- Monitor data