Expiry Canary

Expiry Canary is a Firefox 3 or SeaMonkey 2 add-on to warn you about certificates which are about to expire. You can alter the warning period and the sites on which it activates, allowing site admins to have a backstop warning about certificate expiry and prevent embarrassing accidents (Google, Yahoo, LinkedIn).

You can find it in the sandbox on addons.mozilla.org for Firefox 3 or Seamonkey 2. Please add feedback :-) And if anyone is able to draw a better icon, please get in touch.

7 thoughts on “Expiry Canary

  1. Nice idea! Do you have a test server set up ? Also, the UI does not say what “nearly-expired” means.

  2. No test server – just visit any SSL website. If you want to see the message on a higher percentage of sites, set extensions.canary.warningPeriod to a high number of days. Incidentally, that’s the value of “nearly expired” as well :-) I may put that in the message at some point.

  3. Nice idea, even if it’s in the early dev stages (e.g. Preferences option is disabled!). I think the primary target audience for this is surely Web site administrators managing multiple secure certificates, usually with different expiry dates. To aid this, I think Expiry Canary needs the following:

    * A UI to add sites to monitor (a simple textarea to paste a bunch of top-level sites into would do to start with, though ultimately these will need editing for mistakes or removing etc.).

    * A way to display the list of sites in expiry date order.

    * Auto-re-polling of the sites (e.g. once a week or once a month) to see if a cert has had a renewal cert in place or indeed if the site no longer has an SSL cert.

    * An “in your face” dialogue box list of all sites within the “nearly expired” period when you first run Firefox at the start of the day (or after every 24 hours if someone runs it for more than a day).

    * Please make sure it’s easy to read whatever format you store the sites/expiry dates in, because I’d prefer to take a backup copy of that in case it gets corrupted…

  4. Richard: a lot of those features are better designed for something which actively polls sites, rather than notifying you as you visit them. That would be a different thing. Yes, it would be good to have a prefs UI, though. :-)

    The sites are stored in prefs.js in text form.

    Gerv

  5. I think that without my suggestions of tracking/re-polling/alerting a set of multiple secure cert sites, Expiry Canary would remain little more than a Nelson Muntz-errific “Ha-ha!” tool to be run by the temrinally curious only (“oh look, big company XYZ forgot to renew their cert – ha ha!”). The very people who should use this tool (the Webmasters maintaining the secure certs) won’t do so if it can’t handle auto-alerting them if any of the secure sites they manage have an about-to-expire secure cert – they shouldn’t need to visit each and every secure cert site each and every day to find out which ones are about to expire – that’s the computer’s job :-)

    I have 30 secure cert sites to maintain and sadly I’m sticking with my plain text file list of domains/expiry dates (I tend to get e-mail reminders from the cert issuer too, but better to play it safe in case I miss/delete one of those e-mails). An improved Expiry Canary extension would make my life a lot easier, but the current one doesn’t really help me much. As an end-user, the way Expiry Canary works is probably OK (and I think you should keep that mode for casual users), but for the secure site maintainers, it needs beefing up somewhat. And, no, a separate extension really doesn’t make much sense to me – it should be useful to both types of user (as it stands now, Expiry Canary is more of an “embarrassment alert” tool for the amusement of Web surfers than an aid to secure site Webmasters).