topic Re: Display certificate information in Security Analytics

Display certificate information

Antonio Macia — Tue, 10 Mar 2026 08:56:15 GMT

Hi,

I configured a CSE for alerting everytime a TLS connection using a version lower than 1.3 is made. I'm getting the flow alerts but I cannot see any URL information that helps me identifying which particular URL is not compliant. Is there any way to get the details? Looking into the flow details the "encryption TLS/SSL version" is not populated either as you can see in the image attached.

Regards

Re: Display certificate information

pieterh — Tue, 10 Mar 2026 11:19:58 GMT

check if this applies for the certificate:
https://docs.thousandeyes.com/product-documentation/alerts/creating-and-editing-alert-rules/transport-layer-security-tls-alerts

Caveats

If the target site uses HTTP/2 and issues at least one redirect, and the last request is to the same domain as the previous request, then the certificates will be lost.

Re: Display certificate information

David Salter — Tue, 10 Mar 2026 14:14:57 GMT

Do you have the 'Encryption TLS/SSL Version' field added to your Flow Search? It's not added by default. You can find it under 'Manage Columns' in the Flow Search results. The field is in the 'Connections' section.

Re: Display certificate information

Antonio Macia — Tue, 10 Mar 2026 15:36:07 GMT

Hi,

The TLS fields are empty, not getting populated. Anyway, I was wondering if I could see the actual hostname of the domain? Let's say I want to gather information about the domains that use a encryption version lower than TLS 1.3. Is this possible?

Thanks.

Re: Display certificate information

David Salter — Tue, 10 Mar 2026 16:09:45 GMT

If you are using ETA and not seeing TLS version you may want to check the exporter configuration. If you are using a Flow Sensor, is it set to export HTTPS Header Data? By all means reach out to me directly if you are still not seeing TLS telemetry.