Add riemann-tls-check
to monitor TLS certificates
#253
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add a
riemann-tls-check
that accept a list of URI of resources to check TLS certificates.For each URI, resolve the IP addresses that provide the service, and for each IP address perform a TLS handshake and generate events from the certificate:
(icons legend: 🆗/💥 => the metric report a status (ok, warning, critical); 📉 + 📈 => the metric report a metric)
A STARTTLS handshake is automatically done for
imap://
,ldap://
andsmtp://
URI.A protocol specific handshake is done for
mysql://
andpostgres://
URI.Limitations
The required API in OpenSSL to check for OCSP Stapling is not currently part of the openssl gem, so this cannot be tested at the moment: ruby/openssl#401