Search documentation
Dashboard
Fault Injection
Experiments

Certificate Expiry

The Certificate Expiry experiment retrieves the certificate chain from the target host/port and validates that no certificates will expire within a given time frame. If there is no secure connection available, and therefore no certificates, this experiment will succeed.

Options

ParameterFlagRequiredDefaultVersionDescription
Length-l intFalse602.28.5The length of the experiment (seconds).
IP Addresses-i IP addressFalse2.28.5Only check traffic to these IP addresses. Also accepts CIDR values (i.e. 10.0.0.0/24).
Hostnames-h hostnamesFalse2.28.5Only check traffic to these hostnames.
Remote Ports-p port numbersFalse4432.28.5Only check certificates from one of these remote ports. One port will be randomly selected. Also accepts port ranges (e.g. 8080-8085).
Not Less Than-n hoursFalse7202.28.5Check for certificates that are expiring within this number of hours.
ProvidersWebUI and API OnlyFalse2.28.5External service providers to affect.
TagsWebUI and API OnlyFalse2.28.5Only impact traffic to hosts running Gremlin clients associated with these tags.