Certificate Expiry Experiment
Privilege |
Description |
FAULT_COLLECT_CERTS | Allows performing certificate experiments |
The Certificate Expiry experiment retrieves the certificate chain from the target host/port and validates that no certificates will expire within a given time frame. If there is no secure connection available, and therefore no certificates, this experiment will succeed.
Note
You must specify either a hostname using -h <hostname> or an IP address using -i <IP address> . Gremlin will use the endpoint specified by these arguments as the subject of the test.
Options
Parameter | Flag | Required | Default | Version | Description |
---|
Length | -l int | False | 60 | 2.28.5 | The length of the experiment (seconds). |
IP Addresses | -i IP address | False | | 2.28.5 | Only check traffic to these IP addresses. Also accepts CIDR values (i.e. 10.0.0.0/24 ). |
Hostnames | -h hostnames | False | | 2.28.5 | Only check traffic to these hostnames. |
Remote Ports | -p port numbers | False | 443 | 2.28.5 | Only check certificates from one of these remote ports. One port will be randomly selected. Also accepts port ranges (e.g. 8080-8085 ). |
Not Less Than | -n hours | False | 720 | 2.28.5 | Check for certificates that are expiring within this number of hours. |
Providers | WebUI and API Only | False | | 2.28.5 | External service providers to affect. |
Tags | WebUI and API Only | False | | 2.28.5 | Only impact traffic to hosts running Gremlin clients associated with these tags. |