Closed Bug 1303850 Opened 8 years ago Closed 8 years ago

Create alert when HPKP certificates are close to expiry

Categories

(Release Engineering :: General, defect)

Product:
Release Engineering
Component:
General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: catlee, Assigned: sfraser)

References

Details

We need to know if the certificate pins are going to expire soon. Right now these are compiled into the product from this code: http://hg.mozilla.org/releases/mozilla-aurora/rev/66754db69a70#l1.13 We need to know if the pins are going to expire on any of our release branches (nightly, aurora, beta, release, esr) within some threshold.
This could be implemented as a nagios alert that runs a custom check. The check could fetch that file from the various repositories (mozilla-central, mozilla-aurora, mozilla-beta, mozilla-release, and mozilla-esr*) and check that the expiry date is more than 30 days in the future. If the expiry date is too close, then the script should exit with nagios-appropriate status code and output.
Assignee: nobody → sfraser
Have created Bug 1307145 to discuss deployment with the moc
Alerts are set in the 'build' hostgroup
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
See Also: → 1376075
Component: General Automation → General
You need to log in before you can comment on or make changes to this bug.