sergei-maertens
commented
2 months ago How would you detect that a certificate is "in use"?
Open alextreme opened 1 year ago
sergei-maertens
commented
2 months ago How would you detect that a certificate is "in use"?
alextreme
commented
2 months ago How about we skip the 'in use' checking and simply notify if there is a certificate that is expiring? It is then up to the admin to determine if the certificate is in use and needs to be replaced, or if the certificate is no longer in use and can be removed
Discussed with @sjoerdie
Currently we have external (Uptimerobot) monitoring of our web-facing certificates. However for our DigiD/eHerkenning certificates we don't have additional monitoring in place.
It would be useful to automatically send a notification to staff-users if a certificate which is in-use is expiring within 30 days. This would be a weekly check (so you get bothered at most 4x).
This could be a management command or via some other mechanism, as long as it is easily automated.