Fault Injection
ExperimentsCertificate Expiry
The Certificate Expiry experiment retrieves the certificate chain from the target host/port and validates that no certificates will expire within a given time frame. If there is no secure connection available, and therefore no certificates, this experiment will succeed.
Note
You must specify either a hostname using -h <hostname>
or an IP address using -i <IP address>
. Gremlin will use the endpoint specified by these arguments as the subject of the test.Options
Parameter | Flag | Required | Default | Version | Description |
---|---|---|---|---|---|
Length | -l int | False | 60 | 2.28.5 | The length of the experiment (seconds). |
IP Addresses | -i IP address | False | 2.28.5 | Only check traffic to these IP addresses. Also accepts CIDR values (i.e. 10.0.0.0/24 ). | |
Hostnames | -h hostnames | False | 2.28.5 | Only check traffic to these hostnames. | |
Remote Ports | -p port numbers | False | 443 | 2.28.5 | Only check certificates from one of these remote ports. One port will be randomly selected. Also accepts port ranges (e.g. 8080-8085 ). |
Not Less Than | -n hours | False | 720 | 2.28.5 | Check for certificates that are expiring within this number of hours. |
Providers | WebUI and API Only | False | 2.28.5 | External service providers to affect. | |
Tags | WebUI and API Only | False | 2.28.5 | Only impact traffic to hosts running Gremlin clients associated with these tags. |