[Feature]: Collect TLS certificate information #113
Description
Describe the feature request
I'd like to see information about certificates used by services support collector scrapes.
My idea for a first attempt would be to connect to default ports on localhost for all collected services. Just use openssl to get the basic information. Personally I don't see a problem with collecting the public certificate via curl/openssl but I can imagine some people having security concerns (justified or not).
But what I want to see:
- Certificate matched to service (so that you don't have to guess if it's an Icinga 2 API, Icinga Web 2 or some other service certificate)
- Expiry time
- Issuer (important to know whether it's managed by a built in CA or replaced by some self signed or company CA signed certificate)
- All names and IPs the certificate is valid for
I'd like to see this at least for the following (default ports to make things easier, maybe other ports should be planned for the future):
- Icinga 2 (5665)
- Icinga Web 2 (443)
- Kibana (5601)
- Elasticsearch (9200)
- Elasticsearch Cluster Interconnect (9300)
- Logstash Beats Input (5044)