Uploaded image for project: 'Fabric'
  1. Fabric
  2. FAB-17497

Add certificate expiration metrics

    XMLWordPrintable

Details

    • Story
    • Status: Backlog
    • Low
    • Resolution: Unresolved
    • None
    • None
    • fabric-crypto
    • Unset
    • Unset
    • Unset

    Description

      Following up the idea https://jira.hyperledger.org/browse/FAB-17000
      Checking the logs could be quite annoying and error-prone, so it would be really helpful to have metrics with "Not After" value for all used certificates. These metrics can be implemented for the orderer, peer and ca as well. I would suggest that metrics are created for any unique used certificate, regardless of its type - tls, identity, ca, etc.

      Something like:

      cert_not_after{issuer="tlsca.domain.com",cn="ca.domain.com"} 1581351701
      cert_not_after{issuer="ca.domain.com",cn="orderer01.domain.com"} 1581351810
      cert_not_after{issuer="ca.domain.com",cn="admin"} 1581351933

      This approach might be quite redundant, but reliable and configurable.

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              kantipov Konstantin Antipov
              Votes:
              1 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated: