This check monitors TLS protocol versions, certificate expiration and validity, etc.
Notes:
- Only TCP is supported.
- Only leaf / end user certificates are verified (not intermediate and root certificates).
The TLS check is included in the Datadog Agent package. No additional installation is needed on your server.
To configure this check for an Agent running on a host:
-
Edit the
tls.d/conf.yamlfile, in theconf.d/folder at the root of your Agent's configuration directory to start collecting your TLS data. See the sample tls.d/conf.yaml for all available configuration options.
For containerized environments, see the Autodiscovery Integration Templates for guidance on applying the parameters below.
| Parameter | Value |
|---|---|
<INTEGRATION_NAME> |
tls |
<INIT_CONFIG> |
blank or {} |
<INSTANCE_CONFIG> |
{"server": "%%host%%", "port":"443"} |
Note: If you are using internal certificates that are not from a well-known, trusted CA, certain metrics may not report to Datadog. Use tls_verify: false in your integration template to report all metrics in this instance.
Run the Agent's status subcommand and look for tls under the Checks section.
See metadata.csv for a list of metrics provided by this integration.
TLS does not include any events.
See service_checks.json for a list of service checks provided by this integration.
Need help? Contact Datadog support.