[Improvement] Support TLS Expiry alerts also for CA certs in cert chain #2593
Labels
feature-request
Request for new features to be added
Comments
skaempfe
added a commit
to skaempfe/uptime-kuma
that referenced
this issue
Jan 12, 2023
…for improved notifications
skaempfe
added a commit
to skaempfe/uptime-kuma
that referenced
this issue
Jan 12, 2023
…epresent what id does. Evaluate certificate expiry from all certs in chain. Send a separate notification for every cert in chain, including cert type and CN.
6 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
🏷️ Feature Request Type
Other
🔖 Feature description
Currently only the first certificate within the certificate chain is checked and alerted for expiry but not the other (signing) certificates within the chain.
When monitoring the certificate expiry days, not only the first (server) certificate should be evaluated but also all certificates within the certificate chain (each issuer certificate) and then alerted separately.
This raises the awareness for sys admins for required ca-chain modifications/replacements.
✔️ Solution
See provided pull request.
❓ Alternatives
No response
📝 Additional Context
Last november we had a situation where an intermediate CA certificate expired (QuoVadis Global SSL ICA G3) despite the fact that the signed server certificate still was valid for 10 more month. This is a rather unusual situation and even more complicated to analyze and understand.
The text was updated successfully, but these errors were encountered: