3

Every once in a while I see stories about a site being hacked, but it turns out that the domain registration just expired and someone else grabbed the domain and redirected DNS. I've also been to sites with invalid SSL certificates that have expired.

So... question is, how do you keep track of these registrations (that may be paid for for years at a time?) so that they can be renewed in a timely manner? Most registrars will send reminder e-mails when renewal time is coming up, but that doesn't help if they are sent to an admin that left the company a year ago.

Just curious...

Sean Earp

5 Answers

3

Creating a custom SharePoint list for this is awesome.

Also, you really shouldn't have your automated vendor emails coming to any particular one person. Set up a group distribution list (i.e. admin@mycompany.com), that way people can move in and out of the group as they come on board without affecting this service.

Brandon
1

We just have a simple spreadsheet with domain expiration dates and SSL cert expiration dates if that domain uses SSL. Of course we only have 5 domain names and I doubt that approach would scale to 100s.

Also we set all contact emails to our main Admin distribution group instead of individual people so no matter who is the admin at the time they get the emails.

Zypher
1

We rely on reminder emails from the vendor or a shared calendar sent to DLs, but various groups within the organization (thousands of IT people) may handle it differently.

If I were in charge of it, I'd get the certs on a single contract and have a clerical-type person track when they are going to expire and handle the ordering to prevent people from using "Vendor X" because they got a free USB key from them. It's really something that shouldn't be an IT function IMO.

duffbeer703
1

It's not terribly difficult to script checking expiry dates.

For domains, you can easily interface with the whois command line, but a whois library for a programming language will probably make this a bit easier due to the difference in what the various region registrars return.

For certificates, the openssl CLI can be used with its s_client and x509 modes to retrieve and decode a certificate, so you can do this in shell if you don't want to use a proper programming language with OpenSSL bindings.

Every time you set up a new domain or SSL site, add it to the list that these scripts check. Then run it weekly/monthly as required and send alerts to a current email when it finds something is going to expire in the next quarter.

Now, if your domains are locked at the registrar to the email address you no longer control you've got another issue, but at least it's one you have advance warning of rather than one you have to solve after the domain has expired without you realizing it.

James F
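The certificate half of the check described in the answer above, as an added example (not code from the answer's author), using Python's `ssl` module as the OpenSSL binding instead of the `openssl` CLI. The 90-day window, the `SITES` placeholder and all function names are assumptions made for the example.

```python
import socket
import ssl
from datetime import datetime, timezone

WARN_DAYS = 90               # assumption: "the next quarter" from the answer
SITES = ["example.com"]      # placeholder list; add each new SSL site here

def fetch_not_after(host, port=443, timeout=10):
    """Return the notAfter string of the certificate served by host:port."""
    ctx = ssl.create_default_context()   # verifies chain, hostname and validity
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]

def days_left(not_after, now):
    """Whole days from now until a notAfter value like 'Jan 31 00:00:00 2024 GMT'."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return (expires - now).days

def classify(not_after, now, warn_days=WARN_DAYS):
    remaining = days_left(not_after, now)
    if remaining < 0:
        return "EXPIRED"
    return "EXPIRING" if remaining <= warn_days else "OK"

def check_sites(sites, now=None, fetch=fetch_not_after):
    """Return (host, status, detail) per site; fetch is injectable for offline tests."""
    now = now or datetime.now(timezone.utc)
    report = []
    for host in sites:
        try:
            not_after = fetch(host)
        except OSError as exc:
            # Covers DNS/connect failures and ssl.SSLError. An already expired
            # certificate fails verification here, so it is an alert, not a skip.
            report.append((host, "CHECK_FAILED", str(exc)))
            continue
        report.append((host, classify(not_after, now), not_after))
    return report

def alerts(report):
    """Everything that is not OK belongs in the mail to the distribution list."""
    return [row for row in report if row[1] != "OK"]

if __name__ == "__main__":
    for host, status, detail in alerts(check_sites(SITES)):
        print(f"{status:13} {host}  {detail}")
```

Run it from cron at the weekly or monthly interval the answer suggests and mail the output to a distribution list rather than to one person.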
0

You've got plenty of suggestions already, choose the one that fits your needs best. In my opinion the most critical thing is for one person to be responsible for it and someone, or a small group, responsible for ensuring it's done. If you spread the primary responsibility amongst a group you invariably find that everyone assumed someone else did it and in the end quite possibly nobody did.

John Gardeniers