Skip to content

lscert | Move age thresholds block to debug messages #105

Closed
Closed
lscert | Move age thresholds block to debug messages#105
Assignees
atc0005
Labels
app/lscertoutput/logging
Milestone
v0.8.0
@atc0005

Description

@atc0005
atc0005
opened on May 19, 2022

Out of this output:

$ go run ./cmd/lscert/ --server www.google.com


=============================
CERTIFICATES | AGE THRESHOLDS
=============================

- WARNING:      Expires before 2022-06-18 11:10:18 +0000 UTC (30 days)
- CRITICAL:     Expires before 2022-06-03 11:10:18 +0000 UTC (15 days)


======================
CERTIFICATES | SUMMARY
======================

- OK: 3 certs found for service running on www.google.com (216.58.195.132) at port 443
- OK: Provided hostname "www.google.com" matches evaluated certificate
- OK: leaf cert "www.google.com" expires next with 69d 6h remaining (until 2022-07-27 17:40:04 +0000 UTC)
- OK: [EXPIRED: 0, EXPIRING: 0, OK: 3]


============================
CERTIFICATES | CHAIN DETAILS
============================

Certificate 1 of 3 (leaf):
        Name: CN=www.google.com
        SANs entries: [www.google.com]
        Issuer: CN=GTS CA 1C3,O=Google Trust Services LLC,C=US
        Serial: 5B:0B:F1:C7:15:E8:C4:49:12:58:9B:1F:B4:58:8E:EE
        Issued On: 2022-05-04 17:40:05 +0000 UTC
        Expiration: 2022-07-27 17:40:04 +0000 UTC
        Status: [OK] 69d 6h remaining

Certificate 2 of 3 (intermediate):
        Name: CN=GTS CA 1C3,O=Google Trust Services LLC,C=US
        SANs entries: []
        Issuer: CN=GTS Root R1,O=Google Trust Services LLC,C=US
        Serial: 02:03:BC:53:59:6B:34:C7:18:F5:01:50:66
        Issued On: 2020-08-13 00:00:42 +0000 UTC
        Expiration: 2027-09-30 00:00:42 +0000 UTC
        Status: [OK] 1959d 12h remaining

Certificate 3 of 3 (intermediate):
        Name: CN=GTS Root R1,O=Google Trust Services LLC,C=US
        SANs entries: []
        Issuer: CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE
        Serial: 77:BD:0D:6C:DB:36:F9:1A:EA:21:0F:C4:F0:58:D3:0D
        Issued On: 2020-06-19 00:00:42 +0000 UTC
        Expiration: 2028-01-28 00:00:42 +0000 UTC
        Status: [OK] 2079d 12h remaining

I don't know that this provides a lot of actionable value:

=============================
CERTIFICATES | AGE THRESHOLDS
=============================

- WARNING:      Expires before 2022-06-18 11:10:18 +0000 UTC (30 days)
- CRITICAL:     Expires before 2022-06-03 11:10:18 +0000 UTC (15 days)

When I copy output from lscert to share with others I find myself constantly trimming this. Perhaps add a flag to expose the thresholds?

Metadata

Metadata

Assignees

Labels

app/lscertoutput/logging

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions