expiring-certs.zeek

SSL

Generate notices when X.509 certificates over SSL/TLS are expired or going to expire soon based on the date and time values stored within the certificate.

Namespace:: SSL
Imports:: base/files/x509, base/frameworks/notice, base/protocols/ssl, base/utils/directions-and-hosts.zeek

Summary

Runtime Options

`SSL::notify_certs_expiration`: `Host` `&redef`	The category of hosts you would like to be notified about which have certificates that are going to be expiring soon.
`SSL::notify_when_cert_expiring_in`: `interval` `&redef`	The time before a certificate is going to expire that you would like to start receiving `SSL::Certificate_Expires_Soon` notices.

Redefinitions

Notice::Type: enum

SSL::Certificate_Expired: Indicates that a certificate’s NotValidAfter date has lapsed and the certificate is now invalid.
SSL::Certificate_Expires_Soon: Indicates that a certificate is going to expire within SSL::notify_when_cert_expiring_in.
SSL::Certificate_Not_Valid_Yet: Indicates that a certificate’s NotValidBefore date is future dated.

Detailed Interface

Runtime Options

SSL::notify_certs_expiration 

Type:: Host
Attributes:: &redef
Default:: LOCAL_HOSTS

The category of hosts you would like to be notified about which have certificates that are going to be expiring soon. By default, these notices will be suppressed by the notice framework for 1 day after a particular certificate has had a notice generated. Choices are: LOCAL_HOSTS, REMOTE_HOSTS, ALL_HOSTS, NO_HOSTS

SSL::notify_when_cert_expiring_in 

Type:: interval
Attributes:: &redef
Default:: 30.0 days

The time before a certificate is going to expire that you would like to start receiving SSL::Certificate_Expires_Soon notices.