X.509 Certificate Monitoring

Why use a Telegraf plugin for X.509 Certificate?

X.509 certificates are digital files that are used for Secure Sockets Layer (SSL) or Transport Layer Security (TLS). The SSL/TLS certificate is one of the most popular types of X.509 certificates and contains a public key and the identity of a hostname, organization, or individual. The X.509 Certificate Telegraf Input Plugin provides information about X.509 certificates accessible using the local file or network connection. This allows you to collect and track expiration of your certs to maintain availability of your services.

How to monitor X.509 Certificate using the Telegraf plugin

Configure your x509 Certificate Telegraf Input Plugin by setting the following:

• The source of your certificate
• The timeout values for the SSL connection
• Server name
• Optional: the TLS configuration

Key X.509 Certificate metrics to use for monitoring

Some of the important X.509 Certificate metrics that you should proactively monitor include:

• tags:
  • source - source of the certificate
  • organization
  • organizational_unit
  • country
  • province
  • locality
  • verification
  • serial_number
  • signature_algorithm
  • public_key_algorithm
  • issuer_common_name
  • issuer_serial_number
  • san
• fields:
  • verification_code (int)
  • verification_error (string)
  • expiry (int, seconds)
  • age (int, seconds)
  • startdate (int, seconds)
  • enddate (int, seconds)

Project URL   Documentation