feature request: check certificates from TCP connection

[volker-raschek]

Hello everyone,
I am very enthusiastic about the application, but I am missing a very important function, namely the monitoring of TLS certificates from a TCP connection.

Specifically, my setup uses external services whose TLS configuration I cannot control. For this reason, I can only view the certificate and check its validity from the TLS connection like the following example:

$ openssl s_client -connect google.com:443 -showcerts < /dev/null | grep NotAfter
Connecting to 172.217.16.206
depth=2 C=US, O=Google Trust Services LLC, CN=GTS Root R1
verify return:1
depth=1 C=US, O=Google Trust Services, CN=WR2
verify return:1
depth=0 CN=*.google.com
verify return:1
   v:NotBefore: Sep 30 14:36:26 2024 GMT; NotAfter: Dec 23 14:36:25 2024 GMT
DONE
   v:NotBefore: Dec 13 09:00:00 2023 GMT; NotAfter: Feb 20 14:00:00 2029 GMT
   v:NotBefore: Jun 19 00:00:42 2020 GMT; NotAfter: Jan 28 00:00:42 2028 GMT

Of course, it would be great if I could tell the certificate exporter about this TLS connection and it could also publish this information as a metric.

I would imagine something like this:

$ x509-certificate-exporter \
  --connection tcp://google.com:443
  --connection unix:///var/run/http.sock

What do you think of the idea, would it be feasible or would it not be accepted to realize?

Volker

[kossioni]

This would be a killer feature, this is what I was looking for when I saw this exporter but couldn't find it :)