I need to know if it is possible to specify the certificate which will be monitored for expiration.

I have a scenario where I have a software which installs its own certificate in the certificate store where my CA certificate is installed.

Now I have the problem that only the certfiicate of the software is monitored and not the one from my CA.

Can I specify the Issuer somehow or is there another way to monitor both certificates?

And another question I have is, if the X509 certificate Plugin can also monitor the CA Certificate of a Domain Controller. 

I am asking this because all of my DCs give me an IP Configuration SSL Socket Error when I try to add the X509 Template to the host. 

UNKNOWN: Error creating SSL socket: Connection timed out, SSL error: IO::Socket::IP configuration failed

Other servers with just “normal” CA certificates are monitored just fine. There are no relevant differences in the firewall configuration between DCs and “normal” servers.