[FAB-17497] Add certificate expiration metrics - Hyperledger JIRA

XML

Word

Printable

Details

Type: Story
Status: Backlog (View Workflow)
Priority: Low
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: fabric-crypto
Labels:
- help-wanted

SDK Impact:
Unset
System Test Impact:
Unset
Documentation Impact:
Unset

Description

Following up the idea https://jira.hyperledger.org/browse/FAB-17000
Checking the logs could be quite annoying and error-prone, so it would be really helpful to have metrics with "Not After" value for all used certificates. These metrics can be implemented for the orderer, peer and ca as well. I would suggest that metrics are created for any unique used certificate, regardless of its type - tls, identity, ca, etc.

Something like:

cert_not_after{issuer="tlsca.domain.com",cn="ca.domain.com"} 1581351701
cert_not_after{issuer="ca.domain.com",cn="orderer01.domain.com"} 1581351810
cert_not_after{issuer="ca.domain.com",cn="admin"} 1581351933

This approach might be quite redundant, but reliable and configurable.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Konstantin Antipov

Votes:: 1 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 12/Feb/20 12:40 PM

Updated:: 30/Oct/20 11:12 AM