Page MenuHomeMiraheze

Create automated Icinga check for validity of all TLS certificates on system
Open, LowPublic


Outage was caused by an old, expired root certificate. If we had an Icinga check covering all TLS certificates present on a system, Icinga could have alerted us and SRE would have been able to fix the root certificate before it expired.

Adding another actionable (from the incident report) here: "Write (or install) a command line utility looping over all certificates in a file, openssl x509'ing those certificates and returing the output."