Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Heartbeat] For an HTTPS monitor heartbeat doesn't capture expired ssl certificate information #13687

Closed
shahzad31 opened this issue Sep 16, 2019 · 3 comments · Fixed by #14588
Closed

[Heartbeat] For an HTTPS monitor heartbeat doesn't capture expired ssl certificate information #13687

shahzad31 opened this issue Sep 16, 2019 · 3 comments · Fixed by #14588
Assignees
@andrewvc
Labels
enhancement Heartbeat Team:obs-ds-hosted-services Label for the Observability Hosted Services team

Comments

@shahzad31
Copy link
Contributor

Heartbeat HTTPS Monitor Expired SSL Certificate information:

while working in Uptime app, if a monitor is an https, we are displaying it's ssl information in overview page
image

while heartbeat captures information when the ssl certificate is going to expire, it doesn't capture if the certificate is already expired. In that case we should be able to capture information when the certificate got expired. Usually when visiting any expired ssl site, chrome is able to display information that certificate got expired on such data. So it might be possible as well in heartbeat agent to capture that information.

this is also discussed in
elastic/kibana#45613
@shahzad31 shahzad31 added enhancement Team:obs-ds-hosted-services Label for the Observability Hosted Services team Heartbeat labels Sep 16, 2019
@elasticmachine
Copy link
Collaborator

Pinging @elastic/uptime

@shahzad31 shahzad31 mentioned this issue Nov 14, 2019
Closed
andrewvc added a commit to andrewvc/beats that referenced this issue Nov 18, 2019
@andrewvc
[Heartbeat] Record TLS Metadata for expired/invalid certs
dbe8bed 
This patch fixes elastic#13687 .

Previously heartbeat would only traverse valid x509 cert chains, with
this PR it now traverses all certs provided by the server.
@andrewvc andrewvc mentioned this issue Nov 18, 2019
Merged
andrewvc added a commit that referenced this issue Nov 19, 2019
@andrewvc
[Heartbeat] Record TLS Metadata for expired/invalid certs (#14588)
eff54c3 
This patch fixes #13687 .

Previously heartbeat would only traverse valid x509 cert chains, with
this PR it now traverses all certs provided by the server.
andrewvc added a commit to andrewvc/beats that referenced this issue Nov 19, 2019
@andrewvc
[Heartbeat] Record TLS Metadata for expired/invalid certs (elastic#14588
999c3ea 
)

This patch fixes elastic#13687 .

Previously heartbeat would only traverse valid x509 cert chains, with
this PR it now traverses all certs provided by the server.

(cherry picked from commit eff54c3)
@zube zube bot reopened this Nov 19, 2019
@zube zube bot closed this as completed Nov 19, 2019
andrewvc added a commit to andrewvc/beats that referenced this issue Nov 19, 2019
@andrewvc
[Heartbeat] Record TLS Metadata for expired/invalid certs (elastic#14588
4d074a5 
)

This patch fixes elastic#13687 .

Previously heartbeat would only traverse valid x509 cert chains, with
this PR it now traverses all certs provided by the server.

(cherry picked from commit eff54c3)
This was referenced Nov 19, 2019
Merged
Merged
andrewvc added a commit that referenced this issue Nov 20, 2019
@andrewvc
[Heartbeat] Record TLS Metadata for expired/invalid certs (#14588) (#…
8eefd06 
…14620)

This patch fixes #13687 .

Previously heartbeat would only traverse valid x509 cert chains, with
this PR it now traverses all certs provided by the server.

(cherry picked from commit eff54c3)
andrewvc added a commit to andrewvc/beats that referenced this issue Nov 20, 2019
@andrewvc
[Heartbeat] Record TLS Metadata for expired/invalid certs (elastic#14588
8009a89 
)

This patch fixes elastic#13687 .

Previously heartbeat would only traverse valid x509 cert chains, with
this PR it now traverses all certs provided by the server.

(cherry picked from commit eff54c3)
@andrewvc andrewvc mentioned this issue Nov 20, 2019
Merged
andrewvc added a commit that referenced this issue Nov 22, 2019
@andrewvc
[Heartbeat] Record TLS Metadata for expired/invalid certs (#14588) (#…
a4e631c 
…14621)

This patch fixes #13687 .

Previously heartbeat would only traverse valid x509 cert chains, with
this PR it now traverses all certs provided by the server.

(cherry picked from commit eff54c3)
andrewvc added a commit that referenced this issue Nov 25, 2019
@andrewvc
[Heartbeat] Record TLS Metadata for expired/invalid certs (#14588) (#…
ff7db03 
…14673)

This patch fixes #13687 .

Previously heartbeat would only traverse valid x509 cert chains, with
this PR it now traverses all certs provided by the server.

(cherry picked from commit eff54c3)
@andrewvc andrewvc reopened this Dec 4, 2019
@zube zube bot added [zube]: Inbox and removed [zube]: Done labels Dec 4, 2019
@andrewvc
Copy link
Contributor

andrewvc commented Dec 4, 2019

Re-opening this as the prior PR didn't actually fix this. This isn't an easy item to fix as golang doesn't want to provide metadata about connections that are invalid.

@shahzad31
Copy link
Contributor Author

This has been fixed in #17687

@zube zube bot removed the [zube]: Done label May 26, 2020
leweafan pushed a commit to leweafan/beats that referenced this issue Apr 28, 2023
@andrewvc
[Heartbeat] Record TLS Metadata for expired/invalid certs (elastic#14588
89ff4ab 
) (elastic#14621)

This patch fixes elastic#13687 .

Previously heartbeat would only traverse valid x509 cert chains, with
this PR it now traverses all certs provided by the server.

(cherry picked from commit b69ecd2)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@andrewvc andrewvc

Labels
enhancement Heartbeat Team:obs-ds-hosted-services Label for the Observability Hosted Services team
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[Heartbeat] Record TLS Metadata for expired/invalid certs andrewvc/beats
3 participants
@andrewvc @shahzad31 @elasticmachine