SSLScope User Documentation

Introduction to SSLScope

SSLScope is a powerful certificate monitoring solution that helps prevent SSL certificate expirations and the associated downtime and security risks. It continuously monitors your SSL certificates and sends timely notifications before they expire, ensuring your websites and services remain secure and accessible.

This documentation provides comprehensive guidance on installing, configuring, and using SSLScope effectively to monitor your certificates.

SSLScope runs as a Windows service, continuously checking your certificates in the background with minimal resource usage.

Key Features

  • Timely Notifications - Get notified before certificates expire.
  • Multi-Domain Monitoring - Monitor unlimited domains and ports from one location.
  • Easy Configuration - Simple setup with our intuitive configuration utility.
  • Background Service - Runs silently as a Windows service with minimal resource usage.
  • On-Premise Solution - Hosted by you, with no external data sharing.

Getting Started

This section will guide you through the initial setup process for SSLScope, including system requirements, installation, and license activation.

System Requirements

Before installing SSLScope, ensure your system meets the following requirements:

Operating System

  • Windows 10 (64-bit)
  • Windows 11 (64-bit)
  • Windows Server 2016
  • Windows Server 2019
  • Windows Server 2022

Hardware

  • 2 GHz processor (or faster)
  • 2 GB RAM minimum
  • 50 MB free disk space
  • Network connection

Dependencies

  • Microsoft .NET Framework 4.7.2 or newer
  • TLS 1.2 enabled
  • Administrative privileges (for installation)

SSLScope runs with minimal system impact as a background Windows service. A single installation can monitor unlimited certificates across your network.

Installation

Follow these steps to install SSLScope on your system:

  1. Download the latest version of the SSLScope installer from the official website.
  2. Right-click on the installer file (SSLScope-Setup-x.x.x.exe) and select "Run as administrator".
  3. If prompted by User Account Control (UAC), click "Yes" to allow the installer to make changes to your device.
  4. Follow the on-screen instructions in the installation wizard:

    • Review and accept the license agreement
    • Choose the installation directory (default is recommended)
    • Select additional options (desktop shortcut, etc.)
    • Click "Install" to begin the installation
  5. Wait for the installation to complete. The wizard will automatically install and start the SSLScope service.
  6. After installation, the SSLScope Configuration utility will launch automatically.

Administrative privileges are required for installation to properly set up the Windows service and required permissions.

Installation Directory Structure

After installation, the following files will be created in your installation directory:

  • SSLScopeConfig.exe - The configuration utility
  • SSLScopeMonitor.exe - The monitoring service
  • SSLScopeUpdater.exe - The update utility
  • license.licx - Your license file (created after activation)
  • config.dat - Your configuration file (encrypted)

License Activation

After installation, you need to activate your SSLScope license to enable full functionality:

  1. Launch the SSLScope Configuration utility from the desktop shortcut or Start menu.
  2. Navigate to the "License" tab in the configuration utility.
  3. Enter your license key in the "License Key" field.

    Your license key is provided in the email you received after purchasing SSLScope.

  4. Click the "Activate License" button.
  5. Upon successful activation, a confirmation message will appear, and your license details will be displayed in the License Information section.

SSLScope requires an internet connection during activation to validate your license. After activation, the software can operate without an internet connection for up to 7 days.

License Information

After activation, the License Information section will display:

  • License Status (Valid or Expired)
  • Company Name
  • Email Address
  • Valid Until date
  • Days remaining on your license

Configuration

After installation and activation, you'll need to configure SSLScope to monitor your domains and set up email notifications.

Adding Domains to Monitor

To add domains for SSL certificate monitoring:

  1. Launch the SSLScope Configuration utility.
  2. Go to the "Domains" tab (this is the default tab when you open the application).
  3. Enter the domain name in the "Domain" field.

    Enter the domain name without the protocol (e.g., "example.com" not "https://example.com").

  4. Enter the port number in the "Port" field.

    For standard HTTPS, use port 443. For other secure services, use the appropriate port number.

  5. Click the "Add Domain" button to add the domain to the monitoring list.
  6. The domain will appear in the domains table below.
  7. Click "Save Changes" to apply your changes.

Managing Domains

To modify or remove domains from monitoring:

  • Update a domain: Select the domain from the list, modify the domain name or port in the input fields, and click "Update Selected".
  • Delete a domain: Select the domain from the list and click "Delete Selected". Confirm the deletion when prompted.
  • Remember to save: After making any changes, click "Save Changes" to apply your modifications.

Ensure that the machine running SSLScope has network access to all the domains you want to monitor. For internal certificates, the service must be able to reach those servers.

SMTP Settings

To receive email notifications, you need to configure your SMTP settings:

  1. In the SSLScope Configuration utility, go to the "SMTP Settings" tab.
  2. Enter your SMTP server details:

    • SMTP Server: The address of your SMTP server (e.g., "smtp.gmail.com" or "smtp.office365.com")
    • SMTP Port: The port for your SMTP server (typically 587 for TLS or 465 for SSL)
    • Username: Your SMTP account username (often your email address)
    • From Email: The email address that notifications will be sent from
    • Password: Your SMTP account password
    • Recipient: The email address that will receive notifications
  3. Click "Save Changes" to store your SMTP settings.

For security, your SMTP password is encrypted using Windows Data Protection API (DPAPI) and stored securely on your system.

Common SMTP Providers

Provider SMTP Server Port Security Notes
Gmail smtp.gmail.com 587 TLS Requires app password if 2FA is enabled
Office 365 smtp.office365.com 587 TLS Use your Office 365 email address and password
Outlook.com smtp-mail.outlook.com 587 TLS Use your Outlook.com email address and password
Amazon SES email-smtp.us-east-1.amazonaws.com 587 TLS Use your SMTP credentials from AWS SES console

Testing Connection

After configuring your SMTP settings, it's important to verify that everything is working correctly:

  1. In the SMTP Settings tab, click the "Test Connection" button.
  2. SSLScope will attempt to connect to your SMTP server and send a test email to the specified recipient.
  3. A progress dialog will appear during the test.
  4. If successful, you'll see a confirmation message that the test email was sent.
  5. Check the recipient's inbox to ensure the test email was received.

If the test fails, double-check your SMTP settings, especially the server address, port, and credentials. Also verify that your network allows outbound connections to the SMTP server and port.

Troubleshooting SMTP Issues

If you're having trouble with SMTP configuration, check these common issues:

  • Incorrect credentials: Verify your username and password are correct.
  • Security settings: Some email providers (like Gmail) require you to create an "App Password" if you have two-factor authentication enabled.
  • Firewall restrictions: Ensure your firewall allows outbound connections to the SMTP server and port.
  • TLS/SSL requirements: Make sure you're using the correct port for your provider's security requirements.
  • Rate limiting: Some providers limit the number of emails you can send in a given period.

Certificate Monitoring

Once configured, SSLScope continuously monitors the SSL certificates for your domains and sends notifications when action is needed.

How Monitoring Works

SSLScope operates as a Windows service that runs in the background, regularly checking the status of SSL certificates for your configured domains:

  1. Continuous Checks: The service will continously monitor certificates for expirations.
  2. Certificate Retrieval: For each domain, SSLScope connects to the server and retrieves the SSL certificate information.
  3. Email Notifications: If a notification threshold is reached, an email is sent to the configured recipient.
  4. Notification Tracking: The service keeps track of sent notifications to avoid duplicate alerts.

The monitoring service starts automatically when your computer boots and runs continuously in the background with minimal resource usage.

Notification Schedule

SSLScope sends notifications at predefined intervals before a certificate expires. This schedule helps ensure you have adequate time to renew certificates before they cause service disruptions:

Notification When Sent Purpose
30 Days Warning When a certificate has 30 days remaining Provides early notification to plan renewal process
15 Days Warning When a certificate has 15 days remaining Indicates that renewal should be underway
1 Day Warning When a certificate has 1 day remaining Urgent reminder for immediate action
Expiration Notice When a certificate has expired Critical alert indicating service may be affected

Email Notification Format

Each notification email includes:

  • Subject indicating the urgency and domain affected
  • Clear message about the certificate's expiration status
  • Detailed certificate information including:
    • Subject (domain name and organization)
    • Issuer (Certificate Authority)
    • Serial number
    • Valid from/to dates
    • DNS names (including any alternative names)
    • Email addresses (if included in certificate)
    • IP addresses (if included in certificate)

Viewing Certificate Status

While SSLScope primarily operates through email notifications, you can also check certificate status through system logs:

Using Windows Event Viewer

SSLScope logs certificate check results to the Windows Event Log:

  1. Open Windows Event Viewer (right-click on Start and select "Event Viewer" or search for it in the Start menu).
  2. Navigate to "Windows Logs" > "Application".
  3. Look for events with source "SSLScopeMonitor".
  4. Certificate status information will appear in the event details, including:

    • Start and completion of certificate checks
    • Certificate expiration warnings
    • Connection errors
    • SMTP notification results

I you utilize a centralized logging solution, you may be able to send these logs to the solution for additional oversite into certificate expirations.

License Management

Effective license management ensures that SSLScope continues to function properly. This section covers how to check your license status and renew when needed.

Checking License Status

To check the current status of your SSLScope license:

  1. Launch the SSLScope Configuration utility.
  2. Go to the "License" tab.
  3. View the License Information section, which displays:

    • License Status: Shows if your license is valid or expired
    • Company Name: The registered company name
    • Email: The email address associated with the license
    • Valid Until: The expiration date of your license
    • Days remaining: Number of days left before license expires
  4. For a real-time check, click the "Check Status" button to verify your license against the SSLScope licensing server.

SSLScope also automatically checks your license status every day and will notify you when your license is approaching expiration (30 days, 15 days, and 1 day before expiration).

Renewing Your License

When your license is approaching expiration, you can renew it to ensure continuous operation:

  1. Visit the SSLScope website to purchase a license renewal.
  2. After purchase, you'll receive a new license key via email.
  3. Launch the SSLScope Configuration utility.
  4. Go to the "License" tab.
  5. Enter your new license key in the "License Key" field.
  6. Click the "Activate License" button.
  7. Upon successful activation, the License Information section will update with your new expiration date.

If your license expires, SSLScope will stop monitoring your certificates until you renew. To avoid service interruption, renew your license before the expiration date.

Software Updates

Keeping SSLScope updated ensures you have the latest features, improvements, and security updates. The application includes a built-in update mechanism.

Checking for Updates

  1. Launch the SSLScope Configuration utility.
  2. Go to the "About" tab.
  3. In the Updates section, click the "Check for Updates" button.
  4. SSLScope will connect to the update server and check if a newer version is available.
  5. If an update is available, you'll see a dialog with the new version number and changelog information.

Installing Updates

When an update is available, you can install it with these steps:

  1. In the update notification dialog, click "Yes" to download and install the update.
  2. A progress dialog will appear showing the download progress.
  3. Once downloaded, you'll be prompted to restart the application to complete the update.
  4. Click "Yes" to restart now, or "No" to apply the update later (next time you start the application).
  5. The updater will automatically install the new version and restart SSLScope.

During the update process, your configuration and license information are preserved. The service may be temporarily stopped and restarted as part of the update.

Manual Updates

If you prefer to update manually, or if automatic updates fail, you can:

  1. Download the latest installer from the SSLScope website.
  2. Close the SSLScope Configuration utility if it's running.
  3. Run the installer and follow the on-screen instructions to update your installation.
  4. The installer will automatically update all components while preserving your settings.

Troubleshooting

If you encounter issues with SSLScope, this section provides guidance on identifying and resolving common problems.

Common Issues

No Email Notifications Received

  1. Check SMTP Settings: Verify your SMTP server, port, username, and password are correct.
  2. Test Connection: Use the "Test Connection" button in the SMTP Settings tab to verify email delivery.
  3. Check Spam Folder: Notifications might be filtered as spam.
  4. Verify Service Running: Ensure the SSLScope Monitor service is running.
  5. Check Event Logs: Look for SMTP errors in the Windows Event Logs.

Connection Errors to Domains

  1. Verify Domain and Port: Ensure the domain name and port number are correct.
  2. Check Network Access: Verify the machine can reach the specified domain:port combination.
  3. Firewall Settings: Check if a firewall is blocking outbound connections.
  4. Proxy Configuration: If your network uses a proxy, SSLScope might not be able to connect directly.

License Activation Problems

  1. Verify License Key: Check that you've entered the key correctly without extra spaces.
  2. Internet Connection: Ensure you have an active internet connection during activation.
  3. Firewall Settings: Verify that SSLScope can reach the licensing server.
  4. Contact Support: If problems persist, contact support with your license key and machine ID.

Service Not Starting

  1. Check Services Console: Open Windows Services (services.msc) and check the status of "SSLScopeMonitor".
  2. Verify Permissions: Ensure the service has the necessary permissions.
  3. Check Event Logs: Look for service startup errors in Windows Event Logs.
  4. Restart Computer: Sometimes a system restart can resolve service issues.

Checking Service Status

To verify that the SSLScope monitoring service is running:

  1. Press Win+R to open the Run dialog.
  2. Type services.msc and press Enter to open the Services console.
  3. Scroll down to find "SSLScopeMonitor" in the list of services.
  4. Check the "Status" column, which should show "Running".
  5. If the service is not running, right-click on it and select "Start".
  6. If you receive an error when starting the service, check the Event Logs for more information.

Managing the Service from Command Line

You can also manage the service using the SSLScopeMonitor.exe command line tool:

  • To start the service: SSLScopeMonitor.exe start
  • To stop the service: SSLScopeMonitor.exe stop
  • To restart the service: SSLScopeMonitor.exe stop followed by SSLScopeMonitor.exe start

These commands must be run with administrative privileges. Right-click on Command Prompt and select "Run as administrator" before executing these commands.

Log Files

SSLScope maintains log files that can help diagnose issues:

Windows Event Logs

The monitoring service logs events to the Windows Event Log:

  1. Open Event Viewer (eventvwr.msc)
  2. Navigate to "Windows Logs" > "Application"
  3. Filter for the Source "SSLScopeMonitor"
  4. Review the logged events for errors or warnings

Important event categories in the logs:

  • Event IDs 1-999: Informational events (service start/stop, certificate checks)
  • Event IDs 1000-1999: Warnings (certificate expiration approaching, license expiring)
  • Event IDs 2000-2999: Errors (SMTP errors, connection failures, license issues)

When contacting support, include relevant logs to help troubleshoot your issue more effectively.

Best Practices

Follow these recommendations to get the most out of SSLScope and ensure reliable certificate monitoring:

Installation and Deployment

  • Install on a reliable system: Deploy SSLScope on a server or workstation that has high uptime.
  • Use a dedicated monitoring account: Create a dedicated non-admin Windows account for running the monitoring service.
  • Regular backups: Periodically back up your configuration file to preserve your settings.

Configuration

  • Multiple notification recipients: Configure distribution lists with multiple recipients to ensure redundancy.
  • Document your setup: Keep records of your monitoring infrastructure.

Monitoring Strategy

  • Include all critical certificates: Monitor not just your public websites but also internal services with SSL certificates.
  • Set calendar reminders: Use the 30-day notifications as triggers to set calendar reminders for certificate renewals.
  • Establish renewal procedures: Create standard procedures for certificate renewal triggered by SSLScope notifications.
  • Test new configurations: When adding new domains, verify monitoring is working by checking the Windows Event Logs.

Troubleshooting

  • Regular service checks: Periodically verify the service is running, especially after system updates.
  • Monitor the monitor: Consider setting up a simple check to ensure SSLScope itself is running properly.
  • Keep software updated: Regularly check for and install SSLScope updates.

Remember that SSL certificate monitoring is just one part of a comprehensive security strategy. Combine SSLScope with other security measures for best results.

Frequently Asked Questions

What operating systems does SSLScope support?

SSLScope currently supports Windows 10, Windows 11, and Windows Server 2016/2019/2022.

Can I monitor certificates on internal networks?

Yes! SSLScope can monitor certificates on both public and private networks, as long as the machine it's installed on can connect to the domains being monitored.

Does SSLScope support wildcard certificates?

Yes, SSLScope can monitor wildcard certificates. The certificate information will show all DNS names covered by the wildcard.

How are updates handled?

SSLScope checks for updates automatically and notifies you when new versions are available. Updates can be installed with just one click from the application interface.

Is there a limit to how many domains I can monitor?

No, all licenses include unlimited domain monitoring. You can add as many domains as you need.

What happens after my license period expires?

When your annual license expires, the software will stop functioning until you renew your license. You'll receive notifications before your license expires to remind you to renew.

Can I transfer my license to another server?

Yes, you can deactivate your license on one machine and activate it on another. For assistance with license transfers, please contact support.

Does SSLScope check certificate revocation status?

Currently, SSLScope focuses on certificate expiration monitoring. It does not check certificate revocation status via CRL or OCSP.

Can SSLScope automatically renew certificates?

SSLScope is a monitoring solution and does not automatically renew certificates. It provides timely notifications so you can initiate the renewal process according to your organization's procedures.

Does SSLScope support monitoring certificates that require client authentication?

No, SSLScope currently doesn't support monitoring servers that require client certificates.

Contact Support

If you need assistance with SSLScope or have questions not covered in this documentation, our support team is here to help.

Support Email

For technical support, license inquiries, or other questions, please email us at:

support@sslscope.com

When Contacting Support

To help us assist you more efficiently, please include the following information in your support request:

  • SSLScope version (found in the About tab)
  • Operating system version
  • Description of the issue you're experiencing
  • Any error messages (exact text is helpful)
  • Steps to reproduce the issue, if applicable
  • Relevant log files or screenshots

Our support team typically responds within 24 business hours.