Start your 30 day free trial.
START FOR FREE
Docs Home

Certificate Expiry Experiment

No items found.

The Certificate Expiry experiment retrieves the certificate chain from the target host/port and validates that no certificates will expire within a given time frame. If there is no secure connection available, and therefore no certificates, this experiment will succeed.

Note
You must specify either a hostname using -h <hostname> or an IP address using -i <IP address> . Gremlin will use the endpoint specified by these arguments as the subject of the test.

Options

ParameterFlagRequiredDefaultVersionDescription
Length-l intFalse602.28.5The length of the experiment (seconds).
IP Addresses-i IP addressFalse2.28.5Only check traffic to these IP addresses. Also accepts CIDR values (i.e. 10.0.0.0/24).
Hostnames-h hostnamesFalse2.28.5Only check traffic to these hostnames.
Remote Ports-p port numbersFalse4432.28.5Only check certificates from one of these remote ports. One port will be randomly selected. Also accepts port ranges (e.g. 8080-8085).
Not Less Than-n hoursFalse7202.28.5Check for certificates that are expiring within this number of hours.
ProvidersWebUI and API OnlyFalse2.28.5External service providers to affect.
TagsWebUI and API OnlyFalse2.28.5Only impact traffic to hosts running Gremlin clients associated with these tags.
On this page
Back to top