Page MenuHomeMiraheze

Create automated Icinga check for validity of all TLS certificates on system
Open, NormalPublic

Description

Outage https://meta.miraheze.org/wiki/Special:IncidentReports/31 was caused by an old, expired root certificate. If we had an Icinga check covering all TLS certificates present on a system, Icinga could have alerted us and SRE would have been able to fix the root certificate before it expired.

Adding another actionable (from the incident report) here: "Write (or install) a command line utility looping over all certificates in a file, openssl x509'ing those certificates and returing the output."

Event Timeline

Paladox triaged this task as Normal priority.Jun 14 2020, 19:51