Purpose: The purpose of this manual is to assist users in configuring PRTG Network Monitor to monitor SSL/TLS certificate hash algorithms. By monitoring these hash algorithms, users can proactively identify and address security risks related to certificate integrity and cryptographic strength.

Prerequisites:

1. Access to a PRTG Network Monitor instance.
2. Basic understanding of SSL/TLS certificates and hash algorithms.
3. Credentials for accessing the target servers.

Steps:

1. Add SSL/TLS Sensor:

   • Log in to your PRTG Network Monitor instance.
   • Navigate to the device you want to monitor.
   • Click on "Add Sensor" and search for "SSL/TLS Certificate Sensor".
   • Select the sensor and proceed to configure it.

2. Configure Sensor Settings:

   • Enter a name for the sensor to identify it easily.
   • Choose the target server you want to monitor.
   • Specify the port number for SSL/TLS communication (default is 443).
   • Optionally, configure advanced sensor settings such as timeout and scanning interval.

3. Specify Hash Algorithm Monitoring:

   • In the sensor settings, locate the option to specify the hash algorithm(s) for monitoring.
   • Select the hash algorithm(s) you want to monitor. Common algorithms include SHA-1, SHA-256, SHA-384, SHA-512, etc.
   • You can choose multiple algorithms for comprehensive monitoring.

4. Set Thresholds and Notifications:

   • Define warning and error thresholds for each hash algorithm.
   • Configure notification settings to receive alerts when thresholds are breached.
   • Ensure notifications reach the appropriate stakeholders for timely action.

5. Review and Save Settings:

   • Double-check all configured settings to ensure accuracy.
   • Save the sensor configuration to start monitoring immediately.

6. Monitor Results:

• Monitor the sensor results in the PRTG web interface.
  • Check the status of hash algorithms regularly.
  • Investigate any warnings or errors to identify potential security vulnerabilities.

Best Practices:

• Regularly update SSL/TLS certificates to use stronger hash algorithms.
• Monitor hash algorithms across all critical servers and services.
• Configure dependencies to ensure accurate monitoring and reduce false alerts.
• Periodically review and adjust threshold settings based on evolving security requirements.

By following these steps, you can effectively monitor SSL/TLS certificate hash algorithms using PRTG Network Monitor. This proactive approach helps maintain the security and integrity of your network infrastructure by promptly identifying and addressing potential security vulnerabilities related to certificate integrity and cryptographic strength. Regular monitoring and adherence to best practices contribute to a robust security posture.