Add support for JKS files to x509_cert plugin #7013
Comments
Is a JKS file supposed to be supported by this plugin? If not, can it be supported?
Unfortunately the plugin does not support the JKS format; we only have support for PEM-encoded certs. We are interested in adding support for additional formats though, I'll mark this as a feature request.
Thanks @danielnelson. Looking forward to this feature getting implemented.
@elizabetht you can use the input.exec plugin with bash scripts.
+1 for this feature. Currently we have to deploy a Java Jetty server which reads and uses JKS certs, and Envoy monitors the JKS certs through Jetty (as common PEM). But this approach is slightly awkward.
Looking for a Go solution to parse the JKS format I found this: https://github.com/pavlo-v-chernykh/keystore-go which seems like the most mature solution. Although the problem I am seeing is it doesn't provide an exact match to the existing fields and tags the plugin outputs. I am not too familiar with the JKS format, so I am not sure if this is a limitation of the package or the format. Curious if anyone interested in this feature could share what fields and tags they would be interested in getting if the plugin could parse JKS?
Hello! I am closing this issue due to inactivity. I hope you were able to resolve your problem, if not please try posting this question in our Community Slack or Community Page. Thank you!
It's odd that you have to work with the JKS and don't have the certificates lying around. But you might create your own Telegraf plugin consisting of a bash script, which extracts the p12 from the keystore using openssl and then writes the metric. For reference here is a full tutorial: https://songrgg.github.io/operation/how-to-check-and-monitor-tls-jks-certificates-with-telegraf/
Relevant telegraf.conf:
System info:
telegraf-1.13.2-1.x86_64 is included in the package
Steps to reproduce:
E! [inputs.x509_cert] Error in plugin: cannot get SSL cert '/etc/path-to-jks/server.jks': failed to parse certificate PEM
Expected behavior:
x509_cert plugin to parse JKS certificate files
Actual behavior:
Getting errors in the telegraf-client logs
Additional info: