(Aside: your text is almost unreadable in that font/colour combination. Try 
viewing it at https://groups.google.com/g/prometheus-users/c/hpNrqYrHeiQ to 
see what I mean)

*In this case we are trying to probe a site that requires a client 
certificate. I am "intentionally" not sending the certificate via 
tls_config due to some security constraints. The only thing I am interested 
in from this probe is the certificate expiry date, similar to what we get 
when we execute "curl -iv https://myservice.sss.aaa.net/"*

I think you'd have to modify blackbox_exporter, or write your own exporter, 
for this use case.

The Go HTTP(S) client is returning an error because it fails to complete 
the TLS negotiation: the server requires you to authenticate with a client 
private key and certificate, and you didn't provide one. But you're only 
interested in whether it got as far as the server authenticating itself 
with its own certificate. I haven't tested it, but I expect you'd need to 
configure your own net/http Transport 
<https://pkg.go.dev/net/http#Transport> and crypto/tls Config 
<https://pkg.go.dev/crypto/tls#Config> with your own VerifyPeerCertificate to 
stash the cert expiry time somewhere, then ignore the error from the rest 
of the negotiation.

Or you could write a shell script that does what you want, run it 
periodically from cron, and stash the results in a metrics file for 
node_exporter textfile collector to pick up.

Incidentally, you'd be much better off not using "insecure_skip_verify", 
but instead provide the certificate of the root CA which signed the 
server's certificate (which would be the server's certificate itself, if 
it's self-signed).  This does not have any security implication; the 
certificate contains only a public key.

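One way to implement the Transport / VerifyPeerCertificate approach suggested above, as an added example (not code from the original message and not part of blackbox_exporter). `ProbeExpiry` and `demoServer` are hypothetical names, and the demo target is a constructed local test server that demands a client certificate; the root CA is supplied instead of using insecure_skip_verify.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// ProbeExpiry (hypothetical name) requests url WITHOUT a client certificate and
// returns the server certificate's NotAfter, even if the server then rejects us.
func ProbeExpiry(url string, roots *x509.CertPool) (time.Time, error) {
	var notAfter time.Time
	tr := &http.Transport{DisableKeepAlives: true, TLSClientConfig: &tls.Config{
		RootCAs: roots, // trust the signing CA rather than skipping verification
		VerifyPeerCertificate: func(_ [][]byte, chains [][]*x509.Certificate) error {
			notAfter = chains[0][0].NotAfter // runs after chain verification; [0][0] is the leaf
			return nil
		},
	}}
	resp, err := (&http.Client{Transport: tr, Timeout: 10 * time.Second}).Get(url)
	if err == nil {
		resp.Body.Close()
	}
	if notAfter.IsZero() && err == nil {
		err = errors.New("no TLS server certificate seen")
	} else if !notAfter.IsZero() {
		err = nil // the later "client certificate required" failure is ignored
	}
	return notAfter, err
}

// demoServer starts a constructed local HTTPS server that demands a client certificate.
func demoServer() (*httptest.Server, *x509.CertPool) {
	srv := httptest.NewUnstartedServer(http.NotFoundHandler())
	srv.TLS = &tls.Config{ClientAuth: tls.RequireAnyClientCert}
	srv.StartTLS()
	roots := x509.NewCertPool()
	roots.AddCert(srv.Certificate())
	return srv, roots
}

func main() {
	srv, roots := demoServer()
	defer srv.Close()
	fmt.Println(ProbeExpiry(srv.URL, roots))
}
```

If the server certificate does not verify against the supplied roots, the callback never runs and the verification error is returned instead of an expiry time.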