issue with p12 certificate

joe-elliott / cert-exporter

A Prometheus exporter that publishes cert expirations on disk and in Kubernetes secrets

Apache License 2.0

322 stars 87 forks source link

issue with p12 certificate #174

Open nirmal20081028 opened 1 week ago

nirmal20081028 commented 1 week ago

We have below config but no metrics is available for p12 certs. Is this solution supports .p12 ./app --secrets-include-glob=test-.crt --secrets-include-glob=ca.crt --secrets-include-glob=.p12 --logtostderr..

log: failed to parse as pem and pkcs12: pkcs12: unknown attribute with OID 2.16.840.1.113894.746875.1.1

joe-elliott commented 1 week ago

here is the code that parses the certs:

https://github.com/joe-elliott/cert-exporter/blob/d46c099b2db76018e4c8ef4cfd2e9a6d69edb1d3/src/exporters/certHelpers.go#L43-L52

you could isolate this in a simple local go program and see if it parses your cert. if we find a new go library to support your cert's format i would merge a PR with the addition.

Blackhawk312 commented 1 week ago

I work together with @nirmal20081028 and investigated the issue. The problem was a deprecated function for decoding the pkcs12 certificate. I updated the package and used a non-deprecated function to decode the certificate in https://github.com/joe-elliott/cert-exporter/pull/175.