TLS flow export - certificate management
Details about managing certificates on monitoring/listening ports when using TLS flow export.
Product: Flowmon OS
How to check certificate validity for flow export/collection in Flowmon OS?
Steps to Reproduce:
Usage of TLS flow export requires uploading the key, certificate, and CA certificate to every monitoring and listening port.
The flow exporter checks certificate validity when it initiates a new TCP connection to the collector. If the certificates have expired, flow export stops.
Certificate validity can be checked from the CLI.
On the collector:
openssl x509 -in /data/nfsen/etc/cert/<*.crt, *.pem> -text -noout
On the probe:
openssl x509 -in /etc/flowmon/cert/<*.crt, *.pem> -text -noout
Replace <*.crt, *.pem> with the certificate name.
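Because an expired certificate stops flow export, it helps to check every certificate in the directory at once and flag those close to expiry. The script below is an added example, not part of Flowmon OS; the script name, the function names and the 30-day default warning window are assumptions, and only the two directory paths come from this article.

```shell
#!/bin/sh
# Added example (hypothetical script name check_certs.sh):
#   sh check_certs.sh /data/nfsen/etc/cert 30   # collector
#   sh check_certs.sh /etc/flowmon/cert 30      # probe

# cert_status FILE [DAYS] -> prints OK, EXPIRING, EXPIRED or NOT_A_CERT
cert_status() {
    file=$1
    window=$(( ${2:-30} * 86400 ))   # warning window in seconds
    # Private keys are uploaded alongside the certificates; anything that
    # does not parse as an X.509 certificate is reported as NOT_A_CERT.
    if ! openssl x509 -in "$file" -noout >/dev/null 2>&1; then
        echo NOT_A_CERT
    elif ! openssl x509 -in "$file" -noout -checkend 0 >/dev/null 2>&1; then
        echo EXPIRED
    elif ! openssl x509 -in "$file" -noout -checkend "$window" >/dev/null 2>&1; then
        echo EXPIRING
    else
        echo OK
    fi
}

# check_cert_dir DIR [DAYS] -> one line per certificate; returns 1 if any
# certificate is expired or expires within DAYS days.
check_cert_dir() {
    dir=$1
    days=${2:-30}
    rc=0
    for f in "$dir"/*.crt "$dir"/*.pem; do
        [ -e "$f" ] || continue          # unmatched glob stays literal
        status=$(cert_status "$f" "$days")
        case $status in
            NOT_A_CERT) continue ;;      # key file or other PEM, skip
            OK) ;;
            *) rc=1 ;;
        esac
        end=$(openssl x509 -in "$f" -noout -enddate | cut -d= -f2)
        printf '%-9s %s (notAfter: %s)\n' "$status" "$f" "$end"
    done
    return "$rc"
}

if [ "$#" -gt 0 ]; then
    check_cert_dir "$@"
fi
```

The non-zero exit status makes the script usable from cron or a monitoring check, so certificates can be renewed before the exporter refuses to connect.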