blackbox_exporter

Added metric to return TLS Key Size and Information

Open djcode opened this issue 8 months ago • 1 comments

Adding this PR as a request for feedback. I feel this still needs some more testing and tweaking (I have only tested the TCP side of this, but HTTP and gRPC should work in theory).

I wanted more information around the key behind certificates gathered by blackbox exporter. This code adds a new metric.

GET /probe?module=tcps&target=facebook.com:443
probe_ssl_last_chain_key_bits{fingerprint_sha256="04ab30d58500a8615dd86dbe75b8489e2780bdb32047cbd3eabf5ec0a4452766",type="ec"} 256

GET /probe?module=tcps&target=twitter.com:443
probe_ssl_last_chain_key_bits{fingerprint_sha256="b5e60c61ac47a6eff6a54f54dcb46d65d51ff1f7e27356b541fe5a3ff4ce6db1",type="rsa"} 2048

In this output fingerprint_sha256 is a sha256sum of the raw public key from the certificate. This way, you can detect two certificates sharing the same key (or a certificate reissue not also rotating the key).

djcode, May 31 '24 21:05
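
The key fingerprint, type and size described in the post above, as an added Go example that is not the PR's own code. It assumes "raw public key" means the certificate's DER SubjectPublicKeyInfo; `keyInfo`, `selfSigned`, `ecKey` and `rsaKey` are hypothetical names, and the keys and certificates are constructed test data.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

var ecKey, _ = ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // constructed demo keys; errors ignored
var rsaKey, _ = rsa.GenerateKey(rand.Reader, 2048)

// keyInfo returns the metric's labels and value. Assumption: the fingerprint
// is SHA-256 over the DER SubjectPublicKeyInfo, hex-encoded.
func keyInfo(c *x509.Certificate) (fingerprint, keyType string, bits int) {
	fingerprint = fmt.Sprintf("%x", sha256.Sum256(c.RawSubjectPublicKeyInfo))
	switch k := c.PublicKey.(type) {
	case *rsa.PublicKey:
		return fingerprint, "rsa", k.N.BitLen()
	case *ecdsa.PublicKey:
		return fingerprint, "ec", k.Curve.Params().BitSize
	}
	return fingerprint, "unknown", 0
}

// selfSigned issues a constructed self-signed certificate for signer's key.
func selfSigned(signer crypto.Signer, serial int64) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), DNSNames: []string{"example.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, signer.Public(), signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	for _, serial := range []int64{1, 2} { // a reissue that keeps the old key
		cert, err := selfSigned(rsaKey, serial)
		if err != nil {
			panic(err)
		}
		fmt.Println(keyInfo(cert)) // same fingerprint on both lines
	}
}
```

Because the hash covers only the public key, the two certificates differ in serial number and signature yet produce the same `fingerprint_sha256` label, which is what makes an unrotated key visible across a reissue.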