You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We started implementing x509 module to get a better overview on our certificates
We found that the certificate still shows as valid even if the certificate is misconfigured and the returned certificate does not match the SNI
It seems only expiry is validated but not if the certificate is valid for the SNI
This would be very helpful to not only monitor for expiry but also misconfigurations
Currently we plan to implement workarounds via Director Automations to do transforms and have a check applied that does an OpenSSL check for the validity but that would be an additional unnecessary connect to the monitored host that could already be evaluated by the x509 module
Best regards
The text was updated successfully, but these errors were encountered:
We started implementing x509 module to get a better overview on our certificates
We found that the certificate still shows as valid even if the certificate is misconfigured and the returned certificate does not match the SNI
It seems only expiry is validated but not if the certificate is valid for the SNI
This would be very helpful to not only monitor for expiry but also misconfigurations
Currently we plan to implement workarounds via Director Automations to do transforms and have a check applied that does an OpenSSL check for the validity but that would be an additional unnecessary connect to the monitored host that could already be evaluated by the x509 module
Best regards
The text was updated successfully, but these errors were encountered: