Add expiration time of client certificates to the Sessions page with warning if expiration is close to now #99584
Labels
C-enhancement
Solution expected to add code/behavior + preserve backward-compat (pg compat issues are exception)
Comments
smcvey
added
the
C-enhancement
|
Since the client certs are managed by the customers in their own cert management tooling, those should be tracked through those tools rather than through CRDB. We don't even store client certs in CRDB, but only have access to the CA cert that's used to sign those certs. |
|
Is #103592 enough to resolve this? It adds a metric, but not a warning to the Sessions page. cc @cameronnunez |
|
My understanding was that the metric was a must-have, I think having it visible in DB Console was a "nice-to-have." Not sure if we still need to do the latter cc @sean- |
|
No longer a priority |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
Over time, client certificates will expire. It's easy to forget to regularly renew them and then run into an issue where a connecting application can no longer connect, creating downtime.
Describe the solution you'd like
The expiration date/time should be shown in the Sessions page in the DBConsole. Make it prominent (red warning) if the expiration is within a month or so.
relates to #99422
Jira issue: CRDB-25954
The text was updated successfully, but these errors were encountered: