Skip to content

Commit

Permalink
Adding TLS to node exporter - cleaner version (#1277)
Browse files Browse the repository at this point in the history 
Add support for https connections.

Signed-off-by: ksherryBAE <kieran.sherry@baesystems.com>
Signed-off-by: James Ritchie <james.g.ritchie@baesystems.com>
Signed-off-by: Simon Pasquier <spasquie@redhat.com>
Signed-off-by: Ben RIdley <benridley29@gmail.com>
  • Loading branch information
@ksherryBAE @SuperQ
ksherryBAE authored and SuperQ committed Nov 15, 2019
1 parent 20fe5bf commit aede041
Show file tree
Hide file tree
Showing 52 changed files with 11,430 additions and 2 deletions.
2 changes: 1 addition & 1 deletion .circleci/config.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ jobs:
steps:
- checkout
- run: sudo pip install codespell
- run: codespell --skip=".git,./vendor,ttar,go.mod,go.sum" -L uint,packages\',uptodate
- run: codespell --skip=".git,./vendor,ttar,go.mod,go.sum,*pem" -L uint,packages\',uptodate

build:
machine:
Expand Down
2 changes: 2 additions & 0 deletions go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ require (
github.com/mattn/go-xmlrpc v0.0.1
github.com/mdlayher/genetlink v0.0.0-20190828143517-e35f2bf499b9 // indirect
github.com/mdlayher/wifi v0.0.0-20190303161829-b1436901ddee
github.com/pkg/errors v0.8.1
github.com/prometheus/client_golang v1.0.0
github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90
github.com/prometheus/common v0.7.0
Expand All @@ -22,6 +23,7 @@ require (
golang.org/x/sync v0.0.0-20190423024810-112230192c58 // indirect
golang.org/x/sys v0.0.0-20190902133755-9109b7679e13
gopkg.in/alecthomas/kingpin.v2 v2.2.6
gopkg.in/yaml.v2 v2.2.2
)

go 1.13
4 changes: 4 additions & 0 deletions go.sum
View file
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,7 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJ
github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
Expand Down Expand Up @@ -130,6 +131,9 @@ golang.org/x/sys v0.0.0-20190902133755-9109b7679e13/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQfozc=
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
24 changes: 24 additions & 0 deletions https/README.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
# HTTPS Package for Prometheus

The `https` directory contains a Go package and a sample configuration file for running `node_exporter` with HTTPS instead of HTTP.
When running a server with TLS use the flag `--web.config`

e.g. `./node_exporter --web.config="web-config.yml"`
If the config is kept within the https directory.

The config file should be written in YAML format, and is reloaded on each connection to check for new certificates and/or authentication policy.

##Sample Config:
```
tlsConfig :
# Certificate and key files for server to use to authenticate to client
tlsCertPath : <filename>
tlsKeyPath : <filename>
# Server policy for client authentication. Maps to ClientAuth Policies
# For more detail on clientAuth options: [ClientAuthType](https://golang.org/pkg/crypto/tls/#ClientAuthType)
[ clientAuth : <string> | default = "NoClientCert" ]
# CA certificate for client certificate authentication to the server
[ clientCAs : <filename> ]
```
96 changes: 96 additions & 0 deletions https/testdata/server.crt
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,96 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=Prometheus, OU=Prometheus Certificate Authority, CN=Prometheus TLS CA
Validity
Not Before: Apr 5 08:06:57 2019 GMT
Not After : Mar 26 08:06:57 2059 GMT
Subject: C=US, O=Prometheus, CN=prometheus.example.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:6c:b6:7f:d1:2f:be:e4:41:eb:5d:ff:50:78:
03:2b:76:03:da:01:48:20:13:90:66:c9:ce:6e:06:
e5:fa:2d:0d:c0:b0:46:28:44:10:a0:61:79:87:a2:
98:4c:29:fa:f9:bb:0f:44:c7:90:5c:5c:55:60:cd:
45:da:b8:e4:dd:28:72:c8:8b:a1:3e:4b:00:09:82:
b0:2c:dc:d6:17:c9:02:f4:cd:26:c7:11:28:f3:77:
b5:97:c2:76:c2:e0:07:d7:34:5b:e0:ed:1a:59:a5:
b4:b7:16:09:3d:35:bd:d9:03:07:9d:7c:3b:f0:63:
bd:5e:02:99:cf:32:e1:ac:4c:7a:3e:4c:b2:8e:98:
68:07:4f:59:dc:0d:bf:cc:83:04:5c:d8:90:f0:73:
da:2b:08:17:c4:36:a7:d8:94:3d:b6:c0:af:29:0a:
d3:19:5f:eb:7d:cc:4d:05:56:11:0a:ee:b1:f3:d7:
c9:5a:3c:8c:57:16:91:51:14:f8:20:4e:0f:29:9e:
04:21:e6:f1:e4:e8:44:af:d7:25:92:08:64:fc:2c:
1c:2e:4f:71:53:91:53:1d:e5:f9:7b:52:0f:21:da:
5c:dd:19:68:96:ca:70:6a:f1:c4:0d:07:af:f8:65:
13:92:e9:ef:65:b3:89:86:fd:c0:74:5c:a4:6b:49:
62:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Basic Constraints:
CA:FALSE
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Subject Key Identifier:
00:61:01:AD:25:44:8A:EF:E1:2C:EC:83:5A:3A:3B:EA:A0:BD:E1:45
X509v3 Authority Key Identifier:
keyid:4D:02:BF:71:95:6A:AA:58:C5:9C:B8:83:67:5E:64:16:99:E1:2A:9E

Authority Information Access:
CA Issuers - URI:http://example.com/ca/tls-ca.cer

X509v3 CRL Distribution Points:

Full Name:
URI:http://example.com/ca/tls-ca.crl

X509v3 Subject Alternative Name:
IP Address:127.0.0.1, IP Address:127.0.0.0, DNS:localhost
Signature Algorithm: sha1WithRSAEncryption
77:97:e4:ef:db:10:8e:62:50:96:4a:6e:f5:a4:f9:1f:19:3b:
c8:a4:dd:b3:f6:11:41:1a:fb:e3:f8:dd:0e:64:e5:2b:00:b9:
e6:25:9f:2e:e1:d2:9a:cd:b6:f2:41:4d:27:dd:2c:9a:af:97:
79:e8:cf:61:fb:cf:be:25:c6:e1:19:a0:c8:90:44:a0:76:8a:
45:d4:37:22:e5:d4:80:b4:b3:0f:a8:33:08:24:ad:21:0b:b7:
98:46:93:90:8a:ae:77:0c:cb:b8:59:d3:3b:9b:fb:16:5a:22:
ca:c2:97:9d:78:1b:fc:23:fc:a0:42:54:40:de:88:4b:07:2b:
19:4e:0e:79:bf:c9:9f:01:a6:46:c5:55:fa:9f:c0:0d:8a:a6:
e1:47:16:a6:0e:be:23:c9:e9:58:d6:31:71:8c:80:9c:16:64:
f0:14:08:22:a1:23:7c:98:b9:62:d1:4a:ce:e3:5c:59:fb:41:
87:a5:3b:36:dd:3d:45:48:b0:b0:77:6f:de:58:2a:27:4d:56:
20:54:08:20:c8:6d:79:b5:b9:e6:3a:03:24:0f:6d:67:39:20:
78:10:2f:47:85:83:c1:4d:17:33:79:84:75:27:fa:47:67:59:
56:cc:33:7b:a5:77:aa:59:9a:98:30:10:1a:78:43:34:8f:ed:
c2:a1:a3:ea
-----BEGIN CERTIFICATE-----
MIIEPDCCAySgAwIBAgIBATANBgkqhkiG9w0BAQUFADBpMQswCQYDVQQGEwJVUzET
MBEGA1UECgwKUHJvbWV0aGV1czEpMCcGA1UECwwgUHJvbWV0aGV1cyBDZXJ0aWZp
Y2F0ZSBBdXRob3JpdHkxGjAYBgNVBAMMEVByb21ldGhldXMgVExTIENBMCAXDTE5
MDQwNTA4MDY1N1oYDzIwNTkwMzI2MDgwNjU3WjBDMQswCQYDVQQGEwJVUzETMBEG
A1UECgwKUHJvbWV0aGV1czEfMB0GA1UEAwwWcHJvbWV0aGV1cy5leGFtcGxlLmNv
bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL1stn/RL77kQetd/1B4
Ayt2A9oBSCATkGbJzm4G5fotDcCwRihEEKBheYeimEwp+vm7D0THkFxcVWDNRdq4
5N0ocsiLoT5LAAmCsCzc1hfJAvTNJscRKPN3tZfCdsLgB9c0W+DtGlmltLcWCT01
vdkDB518O/BjvV4Cmc8y4axMej5Mso6YaAdPWdwNv8yDBFzYkPBz2isIF8Q2p9iU
PbbArykK0xlf633MTQVWEQrusfPXyVo8jFcWkVEU+CBODymeBCHm8eToRK/XJZII
ZPwsHC5PcVORUx3l+XtSDyHaXN0ZaJbKcGrxxA0Hr/hlE5Lp72WziYb9wHRcpGtJ
YsUCAwEAAaOCAREwggENMA4GA1UdDwEB/wQEAwIFoDAJBgNVHRMEAjAAMB0GA1Ud
JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUAGEBrSVEiu/hLOyD
Wjo76qC94UUwHwYDVR0jBBgwFoAUTQK/cZVqqljFnLiDZ15kFpnhKp4wPAYIKwYB
BQUHAQEEMDAuMCwGCCsGAQUFBzAChiBodHRwOi8vZXhhbXBsZS5jb20vY2EvdGxz
LWNhLmNlcjAxBgNVHR8EKjAoMCagJKAihiBodHRwOi8vZXhhbXBsZS5jb20vY2Ev
dGxzLWNhLmNybDAgBgNVHREEGTAXhwR/AAABhwR/AAAAgglsb2NhbGhvc3QwDQYJ
KoZIhvcNAQEFBQADggEBAHeX5O/bEI5iUJZKbvWk+R8ZO8ik3bP2EUEa++P43Q5k
5SsAueYlny7h0prNtvJBTSfdLJqvl3noz2H7z74lxuEZoMiQRKB2ikXUNyLl1IC0
sw+oMwgkrSELt5hGk5CKrncMy7hZ0zub+xZaIsrCl514G/wj/KBCVEDeiEsHKxlO
Dnm/yZ8BpkbFVfqfwA2KpuFHFqYOviPJ6VjWMXGMgJwWZPAUCCKhI3yYuWLRSs7j
XFn7QYelOzbdPUVIsLB3b95YKidNViBUCCDIbXm1ueY6AyQPbWc5IHgQL0eFg8FN
FzN5hHUn+kdnWVbMM3uld6pZmpgwEBp4QzSP7cKho+o=
-----END CERTIFICATE-----
28 changes: 28 additions & 0 deletions https/testdata/server.key
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC9bLZ/0S++5EHr
Xf9QeAMrdgPaAUggE5Bmyc5uBuX6LQ3AsEYoRBCgYXmHophMKfr5uw9Ex5BcXFVg
zUXauOTdKHLIi6E+SwAJgrAs3NYXyQL0zSbHESjzd7WXwnbC4AfXNFvg7RpZpbS3
Fgk9Nb3ZAwedfDvwY71eApnPMuGsTHo+TLKOmGgHT1ncDb/MgwRc2JDwc9orCBfE
NqfYlD22wK8pCtMZX+t9zE0FVhEK7rHz18laPIxXFpFRFPggTg8pngQh5vHk6ESv
1yWSCGT8LBwuT3FTkVMd5fl7Ug8h2lzdGWiWynBq8cQNB6/4ZROS6e9ls4mG/cB0
XKRrSWLFAgMBAAECggEAezQ0V1o11dEc1vuiTjJgzWnLA4aF5OcUquZjb8jo2Blp
soR0fUgYEFiV9RRaPl+nr7ptKe0rBgfAOGALKUHNCdN/JNU8oQmjEoyADg3s6jeB
xruQlzWgDwszf2uqVwHj16Nkhx1wYBKZQeQBSmCkBHwl/daKHcahqn3CkLOleKx+
Qlc3BzWNaGte6qpJMs0It3by1FuxRwVz5VkL8uhzj0WIOYMA84t0gTnFH9gfRO3F
licotxg/Nl5M36wWcfL8Jq++72AtaKcD1jUEwuQpogrVeqflmeHwn/TlL++Hv6Xe
Lq0jt3OCUKUV40eq9c5uEgTmyrVHMDkfFdXzutdMAQKBgQDsSMXk7P4SX6u6uTjV
In9eWw6ZyJ2aL6VB9co/NMsj49GrrFT8VX9d+JPe9P/n6tuGcFbymNep22njRksR
0ItpW1NFRR/R3g0kYe1EhkRpNm6fhY9oIuR9xhcNnPNYkqAKT3T/dxrzbwsNhomi
X8aht/eCz4ZsK/KdOGTkPozxgQKBgQDNOvrclT1Wl4bxONp9pEV5XpRSD/qigfIp
i5wxy7ihX/QY9RToIWJDnzMVLnEYe64RB2WB8/4WwNPOQcuaxXbFUFct/2NdhTnS
ToJPgPe819zW9t1FLTf1fHtsRBpGFtbhdlUDOiOtJiMXYiwlRh2uyWFhjOo8TNUE
qMwai0vLRQKBgQCDH4t6lC4W4jK5x2oLlT5bjWqX2uXjF8e8x/q5gsGspBPKEjOD
aKrq6jSdSRbui73RaGxH6pvb7iBf+LVWKIYFLKIUUdzrqS9f3lw+Z8h1HrjbG9JO
dvaX+aL3cf71S0E3F4sU7fLt3tSiZ+PfUQk424+mbyXox6a2qwIKS9AJgQKBgHCu
dHROYJo9ojKpo5Ueb6K+4jLYYSV+sYZMCBtzHlFETNKzJaJ6SeiU7Ugw8pmdtqnU
5M/gNl8pymFR0MeOqbKWdPdlZJpBfsjQoE2kouEFqFRCwKStui7IBUAheEeJXLv3
659U+aek69l35oMkp0GDgjs8UpN/H+pp/36Hgrr9AoGAftWU405rpStHEdRVrazP
FibQesT9HOdJgmm1gNIhj+PnFs7lKER9p0Wdl79QnIqjwyhjCXL94TFerzTKLY2c
IRj5dcRHiiT0iK8wq8bzGNYCqV73oQXaUFMiutNAArXwzwuvPFPWNBQsjLzeDLeC
mcOsCcPAk8cLYtVfZo2sP3g=
-----END PRIVATE KEY-----
173 changes: 173 additions & 0 deletions https/testdata/tls-ca-chain.pem
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,173 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=Prometheus, OU=Prometheus Certificate Authority, CN=Prometheus Root CA
Validity
Not Before: Apr 5 08:00:37 2019 GMT
Not After : Mar 26 08:00:37 2059 GMT
Subject: C=US, O=Prometheus, OU=Prometheus Certificate Authority, CN=Prometheus TLS CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:d2:34:6b:ed:f1:f4:01:08:e5:00:9f:75:c8:
ba:fc:4b:72:c6:04:93:af:f1:f6:b5:ce:01:0d:c6:
bd:d3:16:98:9d:e5:51:56:12:58:16:ee:18:6e:f0:
68:a9:42:16:65:cf:e3:31:f5:90:79:9d:13:32:87:
3b:1f:65:fd:84:88:a4:56:3d:26:54:69:05:27:5a:
ea:89:02:e7:31:9b:7d:7f:76:93:54:70:bc:17:92:
06:9f:9f:90:4a:8a:cf:82:a7:7b:7c:71:c4:fa:34:
56:00:32:1a:85:c5:f8:e4:4a:63:43:37:9d:60:84:
4d:78:6e:87:12:c4:2b:1f:93:a5:fe:cc:5e:f1:df:
c1:97:ff:b7:3e:20:38:1d:71:15:11:ec:6c:7a:cc:
0e:87:52:31:b1:b9:74:c3:07:1c:42:4b:1e:c1:17:
bc:e4:13:b7:b0:20:2e:c4:07:93:bd:a8:11:f9:da:
a7:d0:df:4a:48:be:9b:6d:65:c3:ae:58:56:c0:9f:
17:c5:d8:32:b1:04:22:fb:5b:18:f6:20:10:50:ec:
2d:10:4f:cc:48:8f:f2:75:dd:33:a4:0e:f5:55:da:
2c:89:a1:3a:52:bb:11:11:0b:97:27:17:73:35:da:
10:71:b3:9f:a8:42:91:e6:3a:66:00:f9:e5:11:8f:
5b:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:0
X509v3 Subject Key Identifier:
4D:02:BF:71:95:6A:AA:58:C5:9C:B8:83:67:5E:64:16:99:E1:2A:9E
X509v3 Authority Key Identifier:
keyid:3C:1E:A8:C6:4C:05:4D:20:EC:88:DB:29:D4:7B:F9:12:5D:CE:EA:1A

Authority Information Access:
CA Issuers - URI:https://example.com/ca/root-ca.cer

X509v3 CRL Distribution Points:

Full Name:
URI:https://example.com/ca/root-ca.crl

Signature Algorithm: sha1WithRSAEncryption
63:fc:ba:30:a5:05:d6:76:14:f1:77:38:b1:41:6f:81:d9:b4:
02:fd:bc:e5:f6:d9:e6:73:e0:71:cf:4c:fb:13:b5:6b:bd:b9:
c6:f6:28:18:36:e1:8c:d9:93:b3:78:4a:3d:39:1b:f4:fb:69:
75:24:ae:e1:a0:2f:94:05:bf:10:3c:3e:d2:2b:a8:f3:31:25:
2e:ed:13:ad:60:5d:22:9a:26:15:20:86:98:73:4c:f6:4b:48:
b8:1f:67:ba:4e:c9:47:ed:85:dc:38:dc:02:0c:fb:54:d5:2e:
6c:b4:95:18:51:d1:ae:ea:e8:fb:b4:19:50:04:bc:31:7e:51:
9e:85:29:4d:c8:f7:26:d6:d6:8d:35:2d:9e:e2:06:16:38:e2:
56:80:ec:f3:a3:34:e3:28:c4:e8:10:d0:8a:a6:6f:20:9a:b9:
dc:b9:90:6b:ba:8a:27:2c:29:72:28:55:e7:59:a6:a7:90:ec:
32:e8:d0:26:4a:c1:44:dd:20:bf:dc:4d:1e:7e:cc:e5:a2:5b:
e8:df:3d:4b:01:aa:48:56:17:e9:29:d8:71:83:05:36:8c:11:
4f:77:b8:95:20:b7:c7:21:06:c2:87:97:b4:6b:d3:f7:23:ba:
4d:5f:15:d1:0c:4d:6e:f1:6a:9d:57:5c:02:6a:d7:31:18:ef:
5c:fc:f8:04
-----BEGIN CERTIFICATE-----
MIIELTCCAxWgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzET
MBEGA1UECgwKUHJvbWV0aGV1czEpMCcGA1UECwwgUHJvbWV0aGV1cyBDZXJ0aWZp
Y2F0ZSBBdXRob3JpdHkxGzAZBgNVBAMMElByb21ldGhldXMgUm9vdCBDQTAgFw0x
OTA0MDUwODAwMzdaGA8yMDU5MDMyNjA4MDAzN1owaTELMAkGA1UEBhMCVVMxEzAR
BgNVBAoMClByb21ldGhldXMxKTAnBgNVBAsMIFByb21ldGhldXMgQ2VydGlmaWNh
dGUgQXV0aG9yaXR5MRowGAYDVQQDDBFQcm9tZXRoZXVzIFRMUyBDQTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKrSNGvt8fQBCOUAn3XIuvxLcsYEk6/x
9rXOAQ3GvdMWmJ3lUVYSWBbuGG7waKlCFmXP4zH1kHmdEzKHOx9l/YSIpFY9JlRp
BSda6okC5zGbfX92k1RwvBeSBp+fkEqKz4Kne3xxxPo0VgAyGoXF+ORKY0M3nWCE
TXhuhxLEKx+Tpf7MXvHfwZf/tz4gOB1xFRHsbHrMDodSMbG5dMMHHEJLHsEXvOQT
t7AgLsQHk72oEfnap9DfSki+m21lw65YVsCfF8XYMrEEIvtbGPYgEFDsLRBPzEiP
8nXdM6QO9VXaLImhOlK7ERELlycXczXaEHGzn6hCkeY6ZgD55RGPW1cCAwEAAaOB
3DCB2TAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4E
FgQUTQK/cZVqqljFnLiDZ15kFpnhKp4wHwYDVR0jBBgwFoAUPB6oxkwFTSDsiNsp
1Hv5El3O6howPgYIKwYBBQUHAQEEMjAwMC4GCCsGAQUFBzAChiJodHRwczovL2V4
YW1wbGUuY29tL2NhL3Jvb3QtY2EuY2VyMDMGA1UdHwQsMCowKKAmoCSGImh0dHBz
Oi8vZXhhbXBsZS5jb20vY2Evcm9vdC1jYS5jcmwwDQYJKoZIhvcNAQEFBQADggEB
AGP8ujClBdZ2FPF3OLFBb4HZtAL9vOX22eZz4HHPTPsTtWu9ucb2KBg24YzZk7N4
Sj05G/T7aXUkruGgL5QFvxA8PtIrqPMxJS7tE61gXSKaJhUghphzTPZLSLgfZ7pO
yUfthdw43AIM+1TVLmy0lRhR0a7q6Pu0GVAEvDF+UZ6FKU3I9ybW1o01LZ7iBhY4
4laA7POjNOMoxOgQ0IqmbyCaudy5kGu6iicsKXIoVedZpqeQ7DLo0CZKwUTdIL/c
TR5+zOWiW+jfPUsBqkhWF+kp2HGDBTaMEU93uJUgt8chBsKHl7Rr0/cjuk1fFdEM
TW7xap1XXAJq1zEY71z8+AQ=
-----END CERTIFICATE-----
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=Prometheus, OU=Prometheus Certificate Authority, CN=Prometheus Root CA
Validity
Not Before: Apr 5 07:55:00 2019 GMT
Not After : Mar 26 07:55:00 2059 GMT
Subject: C=US, O=Prometheus, OU=Prometheus Certificate Authority, CN=Prometheus Root CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:b9:e2:ab:5f:61:22:e1:4e:cd:ee:da:b0:26:
2e:bb:b0:7e:1c:ce:10:be:16:29:35:0c:0c:1d:93:
01:29:2a:f6:f9:c2:6e:5c:10:44:ca:f8:dc:ad:7a:
06:64:0f:8a:18:ad:b2:a2:94:49:c9:ba:8c:45:94:
7c:d9:e0:11:45:d8:16:79:a2:20:9f:8c:63:60:72:
2a:5b:f9:66:80:ac:85:67:01:5a:eb:91:c1:d2:88:
87:9e:4c:18:c9:f2:f0:7a:18:c0:e6:ab:2c:78:de:
5f:b2:22:4e:94:9c:f5:cd:e6:e2:33:30:e9:20:10:
a6:a1:75:eb:59:ab:45:a9:f7:3e:54:40:ae:05:25:
be:74:c5:3a:fd:af:73:16:60:45:7c:4a:e0:0e:0d:
a1:15:7f:9a:1f:c2:a7:04:ad:ef:b3:e4:f6:00:2c:
4e:0b:04:90:49:ee:d3:db:a6:12:c4:91:0b:32:4f:
11:84:c7:c4:8a:ef:51:66:7a:b0:20:2f:cb:95:8d:
96:57:60:66:5e:f9:4f:5a:94:9c:71:ad:eb:ca:70:
3e:62:06:c2:3a:29:f8:9e:86:af:da:07:78:f8:31:
af:42:48:49:9e:4a:df:1b:27:1f:44:35:81:6d:fa:
7a:c5:6a:0a:35:23:c7:c4:d5:fe:c9:9e:61:c9:30:
cd:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Subject Key Identifier:
3C:1E:A8:C6:4C:05:4D:20:EC:88:DB:29:D4:7B:F9:12:5D:CE:EA:1A
X509v3 Authority Key Identifier:
keyid:3C:1E:A8:C6:4C:05:4D:20:EC:88:DB:29:D4:7B:F9:12:5D:CE:EA:1A

Signature Algorithm: sha1WithRSAEncryption
56:2f:79:e5:12:91:f5:19:a7:d1:32:28:fd:e3:9d:8f:e1:3c:
bb:a3:a5:f2:55:8a:03:ad:2c:1d:18:82:e1:7f:19:75:d9:47:
5b:e7:7c:e4:a5:e0:eb:dc:7e:24:a3:7d:99:1a:cf:39:ba:a5:
b4:b8:45:68:83:cf:70:ad:56:f2:34:73:65:fc:6c:b0:53:9a:
79:04:f7:3e:7e:4b:22:1b:e7:76:23:20:bc:9c:05:a2:5d:01:
d2:f0:09:49:17:b2:61:74:1a:5b:f4:e0:fd:ce:11:ba:13:4a:
e6:07:11:7d:30:e2:11:87:ee:33:1a:68:de:67:f4:ac:b5:58:
1a:ac:cf:7a:2d:fd:c3:44:5b:4b:cd:6c:ff:f6:49:b4:55:4a:
09:a0:92:2d:57:3b:69:85:54:3e:e9:ec:ef:b2:a5:7a:29:75:
2b:f8:eb:4b:d4:cf:68:ee:3e:c8:63:7e:12:eb:e4:2f:63:a3:
a7:c8:0f:e9:39:ff:5c:29:65:7f:25:f0:42:bf:07:ba:06:b8:
5e:d6:56:ba:f8:67:56:1b:42:aa:b3:04:d8:6e:88:10:a5:70:
b5:81:04:a4:90:a3:f0:83:4d:0c:6b:12:5d:a4:4c:83:5a:ff:
a8:7a:86:61:ff:0f:4c:e5:0f:17:d1:64:3c:bd:d9:22:7e:b7:
fa:9b:83:ba
-----BEGIN CERTIFICATE-----
MIIDtDCCApygAwIBAgIBATANBgkqhkiG9w0BAQUFADBqMQswCQYDVQQGEwJVUzET
MBEGA1UECgwKUHJvbWV0aGV1czEpMCcGA1UECwwgUHJvbWV0aGV1cyBDZXJ0aWZp
Y2F0ZSBBdXRob3JpdHkxGzAZBgNVBAMMElByb21ldGhldXMgUm9vdCBDQTAgFw0x
OTA0MDUwNzU1MDBaGA8yMDU5MDMyNjA3NTUwMFowajELMAkGA1UEBhMCVVMxEzAR
BgNVBAoMClByb21ldGhldXMxKTAnBgNVBAsMIFByb21ldGhldXMgQ2VydGlmaWNh
dGUgQXV0aG9yaXR5MRswGQYDVQQDDBJQcm9tZXRoZXVzIFJvb3QgQ0EwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/ueKrX2Ei4U7N7tqwJi67sH4czhC+
Fik1DAwdkwEpKvb5wm5cEETK+NytegZkD4oYrbKilEnJuoxFlHzZ4BFF2BZ5oiCf
jGNgcipb+WaArIVnAVrrkcHSiIeeTBjJ8vB6GMDmqyx43l+yIk6UnPXN5uIzMOkg
EKahdetZq0Wp9z5UQK4FJb50xTr9r3MWYEV8SuAODaEVf5ofwqcEre+z5PYALE4L
BJBJ7tPbphLEkQsyTxGEx8SK71FmerAgL8uVjZZXYGZe+U9alJxxrevKcD5iBsI6
Kfiehq/aB3j4Ma9CSEmeSt8bJx9ENYFt+nrFago1I8fE1f7JnmHJMM0fAgMBAAGj
YzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQ8
HqjGTAVNIOyI2ynUe/kSXc7qGjAfBgNVHSMEGDAWgBQ8HqjGTAVNIOyI2ynUe/kS
Xc7qGjANBgkqhkiG9w0BAQUFAAOCAQEAVi955RKR9Rmn0TIo/eOdj+E8u6Ol8lWK
A60sHRiC4X8ZddlHW+d85KXg69x+JKN9mRrPObqltLhFaIPPcK1W8jRzZfxssFOa
eQT3Pn5LIhvndiMgvJwFol0B0vAJSReyYXQaW/Tg/c4RuhNK5gcRfTDiEYfuMxpo
3mf0rLVYGqzPei39w0RbS81s//ZJtFVKCaCSLVc7aYVUPuns77Kleil1K/jrS9TP
aO4+yGN+EuvkL2Ojp8gP6Tn/XCllfyXwQr8Huga4XtZWuvhnVhtCqrME2G6IEKVw
tYEEpJCj8INNDGsSXaRMg1r/qHqGYf8PTOUPF9FkPL3ZIn63+puDug==
-----END CERTIFICATE-----
4 changes: 4 additions & 0 deletions https/testdata/tls_config_auth_clientCAs_invalid.bad.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
tlsConfig :
tlsCertPath : "testdata/server.crt"
tlsKeyPath : "testdata/server.key"
clientCAs : "somefile"
Loading

0 comments on commit aede041

Please sign in to comment.