Uploaded image for project: 'Fabric'
  1. Fabric
  2. FAB-17497

Add certificate expiration metrics

    XMLWordPrintable

    Details

    • SDK Impact:
      Unset
    • System Test Impact:
      Unset
    • Documentation Impact:
      Unset

      Description

      Following up the idea https://jira.hyperledger.org/browse/FAB-17000
      Checking the logs could be quite annoying and error-prone, so it would be really helpful to have metrics with "Not After" value for all used certificates. These metrics can be implemented for the orderer, peer and ca as well. I would suggest that metrics are created for any unique used certificate, regardless of its type - tls, identity, ca, etc.

      Something like:

      cert_not_after{issuer="tlsca.domain.com",cn="ca.domain.com"} 1581351701
      cert_not_after{issuer="ca.domain.com",cn="orderer01.domain.com"} 1581351810
      cert_not_after{issuer="ca.domain.com",cn="admin"} 1581351933

      This approach might be quite redundant, but reliable and configurable.

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            kantipov Konstantin Antipov
            Votes:
            1 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:

                Git Integration