url_response probe version 4.46

We are getting an alarm from url_response for a website that says 15 days to expiration but when viewing the actual certificate on the webpage in a browser, it shows a much longer time period.

Release : 20.3

Component : UIM - URL_RESPONSE

Redirection of URL

The url_response log will provide more insight.  For example:

  Sep 15 12:55:06:957 [8596] url_response: Using InternetConnect / HttpOpenRequest / HttpSendRequest to fetch https://mysite/
  Sep 15 12:55:07:103 [8596] url_response: Query Certificate Information Successfull
  Sep 15 12:55:07:103 [8596] url_response: [ProfileName] 444 days left for Expiry Of Certificate
  Sep 15 12:55:07:103 [8596] url_response: HttpQueryInfo returns 302 - The requested resource resides temporarily under a different URI (Uniform Resource Identifier).
  Sep 15 12:55:07:187 [8596] url_response: Query Certificate Information Successfull
  Sep 15 12:55:07:187 [8596] url_response: [ProfileName] 15 days left for Expiry Of Certificate
  Sep 15 12:55:07:195 [8596] url_response: [ProfileName] debug - MyGet (https://mysite/) returns 0

This shows that the HTTPS request is being temporarily redirected (error 302).

In this case it happened to be due to a Single-Sign-On (SSO) app which was being called, and the certificate on the SSO server was actually the one which was close to expiration.