During Perform 2020, I believe it was stated that certificate expiration checks were in the works in terms of out of the box for Dynatrace if I heard it correctly. I believe it was just briefly mentioned without much detail.
We are actively moving more and more to GCP and would like to have such checks.
I know there is currently a plugin out there on GitHub by Julius Loman (thank you Julius!) to do such checks, however I have not yet tried it. Curious whether, because this is a plugin, it consumes custom metrics? I am also not sure if this plugin will work in a GCP environment.
Before I do try the plugin approach, I was wondering if I am recalling the above information correctly?
If so, is there a timeline or more in depth details that will be coming soon around this functionality?
At the moment it only verifies certificates on TCP ports on the host where OneAgent is running. I'll extend it to cover also client-side keystores for certificates (jks at this time, probably also pfx/p12 in the future).
I'm not aware of any plans of Dynatrace having the check functionality built-in.
Thanks Julius! Appreciate the work on a plugin around this as well. I am 99% sure I heard something at Perform on stage specific to certificates expiring. Maybe I was hearing things which is very possible! lol.
Julius - I love your approach of OneAgent plugin monitoring. I have webservers with 20+ IPs, all Apache instances listening on 443. The GitHub readme lists the limitation: "Opened TCP port bindings are retrieved from OneAgent and only local TCP ports are checked. Listening IP address is provided by OneAgent. Currently OneAgent supplies 127.0.0.1 as the listening IP address regardless of the actual TCP port binding."
Does this mean that the plugin knows what process owns a port, and will show the right cert on the process group, but may show 127.0.0.1 as the IP? Or do you mean that for boxes with multiple IPs and processes binding to 1 IP, the plugin cannot tell which process has the port?
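
As an added example (not part of the thread and not the plugin's code), here is a minimal per-binding expiry check that connects to each listening IP explicitly instead of 127.0.0.1 and sends the matching SNI name, which is what matters on a host with many IPs serving different certificates on 443. The addresses, hostnames and function names are constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone


def days_left(not_after, now=None):
    """Whole days until a getpeercert()-style notAfter string (always GMT)."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return (expires - (now or datetime.now(timezone.utc))).days


def classify(days, warn_days=30):
    """Map remaining days to a status an alerting rule can key on."""
    if days < 0:
        return "EXPIRED"
    return "WARNING" if days < warn_days else "OK"


def check_binding(ip, port, server_name, cafile=None, warn_days=30, timeout=3.0):
    """Check the certificate served on one specific ip:port binding.

    Connects to the bound IP itself (not 127.0.0.1) and sends server_name as SNI,
    so hosts with many IPs or virtual hosts report the certificate clients really see.
    """
    ctx = ssl.create_default_context(cafile=cafile)  # cafile: internal CA bundle, if any
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=server_name) as tls:
                not_after = tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError as exc:
        # Chain validation failed: expired, wrong name, unknown issuer, ...
        return (ip, port, "INVALID", exc.verify_message)
    except OSError as exc:
        # Nothing listening on this IP, timeout, or a non-TLS service.
        return (ip, port, "UNREACHABLE", str(exc))
    days = days_left(not_after)
    return (ip, port, classify(days, warn_days), f"{days} days left")


if __name__ == "__main__":
    # Constructed sample bindings (documentation address range, made-up names).
    bindings = [("192.0.2.10", 443, "shop.example.com"),
                ("192.0.2.11", 443, "api.example.com")]
    for ip, port, name in bindings:
        print(check_binding(ip, port, name))
```

Because verification stays enabled, an already expired certificate is reported as `INVALID` with the verifier's message rather than as a negative day count.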