Is there any way for ASM to monitor for expiry for self-signed certificates ? As far as I can see, any self-signed cert will fail the basic check.
Certificate expiration is checked only when 'Verify Certificate' is enabled in HTTPS monitor settings. So the expiration can't be checked independently. Self-signed certificate is then treated as untrusted with the 'Verify Certificate' enabled.
Yeah, that's the behavior I see. Do you think CA would entertain an enhancement to allow checking of self-signed certs for expiration only ?