Fault Injection
ExperimentsCertificate Expiry
The Certificate Expiry experiment retrieves the certificate chain from the target host/port and validates that no certificates will expire within a given time frame. If there is no secure connection available, and therefore no certificates, this experiment will succeed.
Note
You must specify either a hostname using -h <hostname> or an IP address using -i <IP address>. Gremlin will use the endpoint specified by these arguments as the subject of the test.Options
| Parameter | Flag | Required | Default | Version | Description |
|---|---|---|---|---|---|
| Length | -l int | False | 60 | 2.28.5 | The length of the experiment (seconds). |
| IP Addresses | -i IP address | False | 2.28.5 | Only check traffic to these IP addresses. Also accepts CIDR values (i.e. 10.0.0.0/24). | |
| Hostnames | -h hostnames | False | 2.28.5 | Only check traffic to these hostnames. | |
| Remote Ports | -p port numbers | False | 443 | 2.28.5 | Only check certificates from one of these remote ports. One port will be randomly selected. Also accepts port ranges (e.g. 8080-8085). |
| Not Less Than | -n hours | False | 720 | 2.28.5 | Check for certificates that are expiring within this number of hours. |
| Providers | WebUI and API Only | False | 2.28.5 | External service providers to affect. | |
| Tags | WebUI and API Only | False | 2.28.5 | Only impact traffic to hosts running Gremlin clients associated with these tags. |