TLS flow export - certificate management
Information
| Summary: |
Details about managing certificates on monitoring/listening ports when using TLS flow export. |
| Environment: |
Product: Flowmon OS Version: Any Platform: Any |
| Question/Problem Description: |
How to check certificate validity for flow export/collection in Flowmon OS? |
| Steps to Reproduce: | |
| Error Message: | |
| Defect Number: | FLMON-3648 |
| Enhancement Number: | |
| Cause: | |
| Resolution: |
Usage of TLS flow export requires uploading the key, certificate, and CA certificate to every monitoring and listening port. Certificate validity is being checked on the flow exporter side when initiating a new TCP connection to the collector. When the certificates are expired, the flow export is stopped. It is possible to check certificate validity in CLI. On the collector: openssl x509 -in /data/nfsen/etc/cert/<*.crt, *.pem> -text -noout On the probe: openssl x509 -in /etc/flowmon/cert/<*.crt, *.pem> -text -noout Replace <*.crt, *.pem> with the certificate name. |
| Workaround: | |
| Notes: |