X.509 certificates monitoring with Netdata

What are X.509 certificates?

X.509 is an International Telecommunication Union (ITU) standard defining the format of public key certificates. X.509 certificates are used in many Internet protocols, including TLS/SSL, which is the basis for HTTPS, the secure protocol for browsing the web. They are also used in offline applications, like electronic signatures.

Monitoring X.509 certificates with Netdata

The prerequisites for monitoring x509certificates with Netdata are to have x509certificates and Netdata installed on your system.

Netdata auto discovers hundreds of services, and for those it doesn’t turning on manual discovery is a one line configuration. For more information on configuring Netdata for x509certificates monitoring please read the collector documentation.

You should now see the x509certificates section on the Overview tab in Netdata Cloud already populated with charts about all the metrics you care about.

Netdata has a public demo space (no login required) where you can explore different monitoring use-cases and get a feel for Netdata.

What X.509 metrics are important to monitor - and why?

Time Until Expiration

Time Until Expiration is a metric that monitors the remaining validity of a given X509 certificate, expressed in days. It is important to monitor this metric because a certificate is only valid for a specific period of time, and any communication that relies on that certificate will fail when the certificate expires. If a certificate is close to its expiration date, it is important to renew it in a timely manner to avoid any disruptions. The normal value range for this metric could be anything from days to months depending on the certificate’s validity period.

Revocation Status

Revocation Status is a metric that monitors whether or not a given X509 certificate has been revoked. This metric is important to monitor because if a certificate has been revoked, any communication that relies on that certificate will fail. Revocation can happen for a variety of reasons, such as when the certificate was issued to an unauthorized entity. The normal value for the Revocation Status metric should be “OK” or “Not Revoked”.

Get Netdata

Sign up for free

Want to see a demonstration of Netdata for multiple use cases?

Go to Live Demo