Skip to content

Latest commit

 

History

History
42 lines (26 loc) · 1.77 KB

README.md

File metadata and controls

42 lines (26 loc) · 1.77 KB

Certificate Monitor GitHub release (latest by date)

Cert Monitor is a CLI tool to discover and monitor X509 Certificates from various sources (TCP, HTTPS, SAML, JWK, Files). It is composed of a monitoring server that will periodically re-discover configured remote sources and expose the corresponding certificate expiration date as prometheus metrics. Additionally, it comes with a built-in CLI that allows to fetch certificates from ad-hoc remote sources and display some information about the certificates (Subject, Issuer, Expiration, PEM output).

Features

  • HTTPS and TCP (e.g. LDAPS) certificates discovery
  • Static PEM Certificate discovery
  • SAML Metadata Certificate (IDP and SP SSO descriptor) discovery
  • Scheduler: periodically re-loads HTTPS, TCP, Json Web Keys and SAML Metadata certificates
  • Exposes Certificate Expirations as Prometheus Metrics
  • (Alerting provided by Grafana: dashboards provided in grafana-dashboards/)
  • CLI: fetches certificate from remote sources (TCP, HTTPS, SAML, JWK) and display certificate information and PEM output

Install

See Install Documenation.

Validate Signature With Cosign

Make sure you have cosign installed locally (see Cosign Install).

Then you can use the ./verify_signature.sh in this repo:

./verify_signature.sh PATH_TO_DOWNLOADED_ARCHIVE TAG_VERSION

for example

$ ./verify_signature.sh  ~/Downloads/cert-monitor_1.4.2_Linux_x86_64.tar.gz v1.4.2

Checking Signature for version: v1.4.2
Verified OK

Documentation

Complete documentation can found here