Hello community
I would like to monitor keystores, for example cacert or osp.jks.
With keytool I could export and write the certificate information from an expiring certificate into a file.
Now I would like to pass this information to Prometheus.
Does a keystore exporter exist, or does someone have an idea how I could solve it?
Thanks in advance for your help.
Ramon
SuperQ
April 18, 2022, 9:03am
Typically you would export certificate expiry as the unix timestamp gauge. This is similar to metrics like process_start_time_seconds
process_start_time_seconds{instance="foo:9090",job="prometheus"} 1649251947.81
This is also how the blackbox_exporter exposes certificate expiry for https sites.
Hi SuperQ
How can I export a specific certificate from a keystore as a unix timestamp?
I tried it with a script such as this…
#!/bin/sh
# List the keystore verbosely and save the output
/opt/common/jre/bin/keytool -list -v -keystore /opt/osp/osp.jks -storepass changeit > /import/swdepot/tmp/tmp_$(hostname).txt
# Write the metric name, then append the text after "until:" for alias osp
printf 'probe_ssl_earliest_cert_expiry ' > /import/swdepot/tmp/cert_expiration_$(hostname).prom
cat /import/swdepot/tmp/tmp_$(hostname).txt | grep "Alias name: osp" --after=8 | grep -e "Alias name: osp" -e until | sed "s/until:\ /\n/g" | tail -n 1 >> /import/swdepot/tmp/cert_expiration_$(hostname).prom
The content of the osp.jks file looks like this:
Keystore type: PKCS12
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: osp
Creation date: Apr 14, 2020
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=192.168.88.70
Issuer: CN=192.168.88.70
Serial number: 2ff28f2b
Valid from: Tue Apr 14 14:16:43 CEST 2020 until: Thu Apr 14 14:16:43 CEST 2022
My idea was to grab this information, but Prometheus should be able to handle it.
Apr 14 14:16:43 CEST 2022
Another question is how to convert this information into a unix timestamp?
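Added example (not part of any post in this thread): one way to turn the keytool -list -v output shown above into the unix timestamp gauge SuperQ describes, since a sample value in a .prom file has to be a number rather than date text. It assumes GNU date for -d and English keytool output; the metric name keystore_cert_not_after_seconds, the function names and the KEYSTORE_PASS variable are hypothetical, and it handles several aliases and certificate chains, which goes beyond the single-entry keystore above.

```shell
#!/bin/sh
# Added example. Assumes GNU date (-d), English keytool output and aliases
# without quotes or backslashes. Metric name and KEYSTORE_PASS are hypothetical.

# stdin: `keytool -list -v` text. stdout: one gauge per alias holding the
# earliest "until:" date in that entry's chain as a unix timestamp.
keystore_expiry_metrics() {
    ks_label=$1
    tab=$(printf '\t')
    awk '
        /^Alias name: /            { name = substr($0, 13) }
        name != "" && / until: /   { sub(/^.* until: /, ""); print name "\t" $0 }
    ' | while IFS=$tab read -r name not_after; do
        # GNU date understands "Thu Apr 14 14:16:43 CEST 2022", zone included.
        ts=$(date -d "$not_after" +%s) || continue
        printf '%s\t%s\n' "$ts" "$name"
    done | sort -n | awk -F '\t' -v ks="$ks_label" '
        !seen[$2]++ {
            printf "keystore_cert_not_after_seconds{keystore=\"%s\",alias=\"%s\"} %s\n", ks, $2, $1
        }'
}

# Runs keytool and swaps the .prom file in atomically, so a scrape never
# reads a half-written file. The password is read from the environment
# instead of being passed in argv, where other local users could see it.
collect_keystore() {
    ks_path=$1 prom_out=$2
    listing=$(keytool -J-Duser.language=en -list -v -keystore "$ks_path" \
        -storepass:env KEYSTORE_PASS) || return 1
    printf '%s\n' "$listing" | keystore_expiry_metrics "$ks_path" > "$prom_out.$$" &&
        mv "$prom_out.$$" "$prom_out"
}

# Usage: KEYSTORE_PASS=... collect_keystore /opt/osp/osp.jks /import/swdepot/tmp/cert_expiration_$(hostname).prom
```

An alert can then compare the gauge with time(), for example keystore_cert_not_after_seconds - time() < 30 * 86400.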