Details
-
Story
-
Status: Backlog
-
Low
-
Resolution: Unresolved
-
None
-
None
-
Unset
-
Unset
-
Unset
Description
Following up the idea https://jira.hyperledger.org/browse/FAB-17000
Checking the logs could be quite annoying and error-prone, so it would be really helpful to have metrics with "Not After" value for all used certificates. These metrics can be implemented for the orderer, peer and ca as well. I would suggest that metrics are created for any unique used certificate, regardless of its type - tls, identity, ca, etc.
Something like:
cert_not_after{issuer="tlsca.domain.com",cn="ca.domain.com"} 1581351701 cert_not_after{issuer="ca.domain.com",cn="orderer01.domain.com"} 1581351810 cert_not_after{issuer="ca.domain.com",cn="admin"} 1581351933
This approach might be quite redundant, but reliable and configurable.
Attachments
Issue Links
- relates to
-
FAB-17000 Provide notification to users if certs are about to expire
-
- Closed
-