ribbybibby / ssl_exporter

Exports Prometheus metrics for TLS certificates
Apache License 2.0

How to add self signed certificates #59

Closed guptaalok20 closed 3 years ago

guptaalok20 commented 3 years ago

We have a few certificates which are self-signed and I see the below errors while trying to monitor them: x509: certificate signed by unknown authority

Is there a way I can add self-signed certificates to avoid these errors?

Thank you very much for your help and appreciate your support.

ribbybibby commented 3 years ago

There are a few options. If you have the CA certificate you issued the certificates with, you could install it into the system certs where ssl_exporter is running, or pass it explicitly with tls_config.ca_file in a custom module configuration.

modules:
  tcp_self_signed:
    prober: tcp
    tls_config:
      ca_file: /etc/tls/ca.crt

Otherwise, you could disable verification with tls_config.insecure_skip_verify:

modules:
  tcp_insecure:
    prober: tcp
    tls_config:
      insecure_skip_verify: true

https://github.com/ribbybibby/ssl_exporter#configuration-file
https://github.com/ribbybibby/ssl_exporter/blob/master/examples/ssl_exporter.yaml
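The trust decision behind the two options in the reply above, as an added Go example that is not part of the thread and not ssl_exporter's own code. It runs the standard library's x509 verification over constructed throwaway certificates; the helper names `must`, `selfSigned` and `check`, the hostname `db.internal.example`, and the modelling of `ca_file` as the only trusted roots are assumptions for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// selfSigned builds a throwaway self-signed certificate (constructed sample data).
func selfSigned(cn string) *x509.Certificate {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return must(x509.ParseCertificate(der))
}

// check models the probe's trust decision (assumption): caFile stands in for the
// certificates loaded from ca_file, skip for insecure_skip_verify.
func check(peer *x509.Certificate, skip bool, caFile ...*x509.Certificate) error {
	if skip {
		return nil // no chain is built, so any certificate is accepted
	}
	roots := x509.NewCertPool() // non-nil pool: system roots are never consulted
	for _, ca := range caFile {
		roots.AddCert(ca)
	}
	_, err := peer.Verify(x509.VerifyOptions{Roots: roots, DNSName: peer.Subject.CommonName})
	return err
}

func main() {
	genuine, impostor := selfSigned("db.internal.example"), selfSigned("db.internal.example")
	fmt.Printf("no CA: %v\nca_file, genuine: %v\nca_file, impostor: %v\nskip, impostor: %v\n",
		check(genuine, false), check(genuine, false, genuine), check(impostor, false, genuine), check(impostor, true))
}
```

With the CA supplied, a different self-signed certificate carrying the same name is still rejected; with verification skipped it is accepted, so the probe no longer says anything about trust.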

guptaalok20 commented 3 years ago

@ribbybibby Thank you for your response.

I was able to verify the certs using the second option after mounting the paths.

Thank you so much.