The support collector allows our customers to collect relevant information from their servers. A resulting ZIP file can then be provided to our support team for further inspection.
I'd like to see information about certificates used by services support collector scrapes.
My idea for a first attempt would be to connect to default ports on localhost for all collected services. Just use openssl to get the basic information. Personally I don't see a problem with collecting the public certificate via curl/openssl but I can imagine some people having security concerns (justified or not).
But what I want to see:
Certificate matched to service (so that you don't have to guess if it's an Icinga 2 API, Icinga Web 2 or some other service certificate)
Expiry time
Issuer (important to know whether it's managed by a built in CA or replaced by some self signed or company CA signed certificate)
All names and IPs the certificate is valid for
I'd like to see this at least for the following (default ports to make things easier, maybe other ports should be planned for the future):
Describe the feature request
I'd like to see information about certificates used by services support collector scrapes.
My idea for a first attempt would be to connect to default ports on localhost for all collected services. Just use
opensslto get the basic information. Personally I don't see a problem with collecting the public certificate via curl/openssl but I can imagine some people having security concerns (justified or not).But what I want to see:
I'd like to see this at least for the following (default ports to make things easier, maybe other ports should be planned for the future):