HTTPS Monitor

The HTTPS monitor checks the availability and response time of web servers. It can monitor individual web pages, including that uses HTML forms, which normally require the user to enter data into fields.

Guidelines for configuring HTTPS monitor

The HTTPS monitor checks the availability and response time of web servers. Use the HTTPS monitor in the following situations:

• The target website is static.

  For dynamic websites, use the TRANSX monitor.

• The target website is served over the HTTPS protocol.

  For websites that deliver content over the HTTP protocol, select the HTTP monitor.

• To perform monitoring across multiple platforms.
• Where speed is a determining factor (the HTTPS monitor provides high performance).

Client-side certificate

The monitor enables you to monitor servers that require client-side certificates for mutual authentication.

Specify the SSL certificate file, key file, and key password when creating a profile element.

Certificates must be in Privacy Enhanced Mail (PEM) format. If your certificate is in another format, you must convert it to PEM format. Certificates can be converted by using software such as openSSL, which is available from http://www.openssl.org.

Note: If you always use the same certificate, key, and password in all profile elements, specify them using monitor properties instead of defining them in every profile element you create.

Configuring HTTPS monitor service tests

Use the HTTPS monitor configuration parameters to define HTTPS service tests.

Table 2. HTTPS monitor configuration

Field	Description
server	The host name of the server to be monitored. Example is www.myconpany.com
page	The URL of the page to be monitored. Example is /secure/
description	A text field for providing descriptive information on the element.
port	The port on the server to use. Default: 443
localip	Specifies the IP address of the network interface that the monitor uses for the test. If this field is empty, the monitor uses the interface that is specified by the IpAddress property.
version	The HTTPS protocol version to be used: 1.0 1.1 Default: 1.0
command	The request type: HEAD GET GETALL POST Default: GET
formname	When used in a transaction, the HTTPS monitor scans the specified form for default values. Any values that are found are automatically completed the next HTTPS step in the transaction.
authenticationtype	Specifies the challenge-response authentication mechanism for authenticating network users: NONE - No authentication. BASIC NTLMv1 - Windows NTLM version 1 challenge/response authentication. NTLMv2 - Windows NTLM version 2. Default: NONE
username	The username (account name) for the monitor to use to log in to the HTTPS server.
password	TThe password corresponding to the username for the monitor to use to log in to the HTTPS server.
sslcertificatefile	The path and filename of the digital certificate file that is used in the monitor element. If the path isn’t absolute, the monitor interprets it relative to the working directory ($ISMHOME/platform/arch/bin). If you don’t specify a certificate file, the monitor uses the certificate that is specified by the monitor property SSLCertificateFile.
sslkeyfile	The path and filename of the file containing the SSL private key, which is used to identify the server and sign the SSL messages.
sslkeypassword	The password used to encrypt the SSL private key.
timeout	The time, in seconds, to wait for the server to respond. Default: 30
poll	The time, in seconds, between each poll. Default: 300
failureretests	The number of times to retest before indicating a failure. Default: 0
retestinterval	The time, in seconds, to wait between each failure retest. Default: 10
Proxy details
server	The host name of the proxy server.
port	The port on the proxy server to use.
authenticationtype	The server authentication type for the proxy HTTPS server. See authenticationtype for further information.
username	The username for the monitor to use to log in to the proxy HTTPS server.
password	The password for the monitor to use to log in to the proxy HTTPS server.
useproxy	Configures the monitor to perform the request by using a proxy server. proxy (use true in ismbatch) noproxy (use false in ismbatch) Default is noproxy
hostnamelookuppreference	Determines which IP version, IPv6, or IPv4, is applied to the supplied host name. The options are: default sets the monitor to use monitor-wide properties settings. This is the default. 4Then6 selects IPv4 and then IPv6. Uses IPv4 addresses if they are available. If no IPv4 addresses are found, IPv6 addresses are used. 6Then4 selects IPv6 and then IPv4. Uses IPv6 addresses if they are available. If no IPv6 addresses are found, IPv4 addresses are used. 4Only selects IPv4 only. Uses IPv4 addresses only. If there are no IPv4 addresses, the poll returns an error. 6Only selects IPv6 only. Uses IPv6 addresses only. If there are no IPv6 addresses, the poll returns an error. 6Or4 selects either IPv4 or IPv6. Uses the first address that is returned from the host name.

Regular expression matching

You can perform a regular expression search on the information being downloaded by entering up to 50 different regular expressions. The HTTPS monitor attempts to match the contents that are retrieved to each of the regular expressions.

If a match for a specified regular expression is found, the matched lines (or as much as can fit in the monitor’s internal buffer) are returned in the corresponding $regexpMatchn element. If the regular expression matches more than once in the information downloaded, only the first match is returned. The status of each regular expression test is indicated by the $regexpStatusn elements. You can use the regular expression matches and their status information as criteria for service level classifications.

For more information, see Table 3.

Head and Form parameter

Similar to the HTTP monitor, the HTTPS monitor can send extra data in the header fields and message body of HTTP requests.

For details on head and form parameters, see HTTP Head and Form parameter.

Monitor elements

Table 3. HTTPS SSL monitor elements

Element	Description
$SSLcertificateSerialNumber	The serial number of the X509 certificate presented by the server.
$SSLcipherSuiteCount	The number of cipher suites available on the connection.
$SSLcipherSuiteList	The list of cipher suites available on the connection.
$SSLcipherSuiteName	The cipher suite selected for the connection.
$SSLeffectiveSessionKeyBits	The number of bits in the session key. This is typically 128 or 168, or 40 for export versions.
$SSLHandshakeTime* (SslHandshakeTime)	The time taken to establish the SSL connection.
$SSLissuerName	The issuer name for the server's X509 format certification.
$SSLprotocolVersion	The version of SSL being used, either v2 or v3.
$SSLpublicKeyLengthBits	The size of the server's public key. This is typically 1024 bits, except where an export specification cipher suite is used.
$SSLserverCertificateValidFrom	The date that the server certificate is valid from.
$SSLserverCertificateValidTo	The date that the server certificate is valid to.
$SSLserverName	SSL server name.
$SSLsubjectName	The subject name for the X509 format certification. This is typically the name of the organization controlling the server.

Elements indicated by an asterisk (*) are available as attributes. The names of the attributes are shown within brackets. Absence of an asterisk indicates there’s no equivalent attribute. Attributes that are shown in bracket but without element indicates that they are only available as attributes, there's no equivalent element.

The HTTPS monitor produces the same extra elements as the HTTP monitor, as described in Table 3. In addition, it produces the elements that are related to SSL if a client-side certificate is used in the test, as described in Table 3.

In addition to the test results common to all elements, the HTTPS monitor generates a set of test results containing data specific to HTTPS service tests.

Status Message

The HTTPS monitor provides status messages in the ResultMessage attribute when using IBM® Application Performance Management. These messages indicate the result of the test.

In addition to the HTTP status messages, the HTTPS monitor also generates the messages that are listed in Table 4.

Table 4. HTTPS monitor status messages 

Message	Description
OK	The monitor that is successfully connected to the server.
SSL handshake failed	The monitor failed to initialize SSL connectivity after establishing a connection to the server.
Connection failed	The monitor failed to connect for reasons other than the link is down, connection is reset, link is unreachable, connection timed out, connection terminated, or host is down. See the HTTP monitor log file for more information.

Properties

The HTTPS monitor has the same properties as the HTTP monitor.

For details about the properties options that are the same as the HTTP monitor, see Table 6. Table 5 lists some more properties that are specific to HTTPS.

Table 5. HTTPS monitor specific properties

Property name	Property parameter	Description
SSLCertificate File	string	The path and filename of the digital certificate file that is used if no certificate is explicitly specified for an HTTPS element during its creation. If the path isn’t absolute, the monitor interprets it relative to the working directory ($ISHOME/platform/arch/bin).
SSLCipherSuite	string	The cipher suite to use for SSL operations. Default: RC4:3DES:DES:+EXP
SSLDisableTLS	integer	Disables TLSv1 for heritage support. Default: 0 - TLSv1 is enabled. 1 - TLSv1 is disabled.
SSLKeyFile	string	The file containing the SSL private key.
SSLKeyPassword	string	The password used to encrypt the SSL private key.

Cipher Suits

The SSLCipherSuite property specifies the cipher suite that is used by the HTTPS monitor. For more information about SSL settings, see SSL setting in Internet Service Monitoring.