SSL monitoring with Elasticsearch

Expiry of our certificates over time
Endpoint grade distribution
  • Step 1 — Extract a list of all our records
octodns-export --config-file config/production.yaml --output-dir csv/ config
zone,type,record,ttl,value,geo,healthcheck
pornhub.com.,MX,.pornhub.com.,3600,"{u'preference': 10, u'exchange': 'smtp.pornhub.com.'}",,
pornhub.com.,TXT,default.pornhub.com.,3600,Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed at arcu molestie augue viverra porttitor ut ac odio.,,
pornhub.com.,A,blog.pornhub.com.,3600,111.111.111.111,,
pornhub.com.,CNAME,www.pornhub.com.,10800,pornhub.com.,,
pornhub.com.,CNAME,pl.pornhub.com.,10800,pornhub.com.,,
pornhub.com.,CNAME,de.pornhub.com.,10800,pornhub.com.,,
pornhub.com.,CNAME,cz.pornhub.com.,10800,pornhub.com.,,
pornhub.com.,CNAME,help.pornhub.com.,10800,.pornhub.com.,,
pornhub.com.,CNAME,es.pornhub.com.,10800,pornhub.com.,,
pornhub.com.,A,.pornhub.com.,3600,111.111.111.111,,
#!/bin/bash
# Keep A, AAAA and CNAME records, skip non-web hosts, and rewrite the wildcard "*" as "star"
find csv/ -type f | xargs -n1 -P4 awk -F',' '{gsub(/\*/,"star",$3); if (($2 == "A" || $2 == "CNAME" || $2 == "AAAA") && $3 !~ /stage|origin|ftp|sql|dev|mail|localhost/) print $3}' > domains.lst

$ wc -l domains.lst
32957 domains.lst
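The awk filter in Step 1 matches its exclusion words as substrings, so a web host such as device.<zone> is left out of the scan list because its name contains "dev". The following is an added example, not the author's script: a variant that matches whole name tokens, trims the dots of apex rows and de-duplicates the list. The example.com rows and the function names are constructed for illustration, and handing the scanner names without a trailing dot is an assumption.

```shell
#!/bin/bash
# Added example, not the author's script: token-aware variant of the Step 1 filter.

# Constructed sample in octodns-export CSV layout (example.com, documentation IPs).
sample_csv() {
  cat <<'EOF'
zone,type,record,ttl,value,geo,healthcheck
example.com.,MX,.example.com.,3600,"{u'preference': 10, u'exchange': 'smtp.example.com.'}",,
example.com.,A,.example.com.,3600,192.0.2.10,,
example.com.,A,blog.example.com.,3600,192.0.2.10,,
example.com.,AAAA,Blog.example.com.,3600,2001:db8::10,,
example.com.,CNAME,*.example.com.,10800,example.com.,,
example.com.,A,device.example.com.,3600,192.0.2.11,,
example.com.,A,dev-api.example.com.,3600,192.0.2.12,,
example.com.,CNAME,mail.example.com.,10800,example.com.,,
EOF
}

# Reads CSV on stdin, prints one unique hostname per line for the scanner.
extract_scan_targets() {
  awk -F',' '
    BEGIN {
      # Same exclusion words as the original regex, but matched against whole
      # name tokens so "device" is not dropped just because it contains "dev".
      n = split("stage origin ftp sql dev mail localhost", w, " ")
      for (i = 1; i <= n; i++) skip[w[i]] = 1
    }
    $2 != "A" && $2 != "AAAA" && $2 != "CNAME" { next }  # also drops the header
    {
      host = tolower($3)
      gsub(/\*/, "star", host)        # wildcard -> concrete name, as in the original
      gsub(/^\.+|\.+$/, "", host)     # apex rows export as ".zone."; trim edge dots
      if (host == "") next
      m = split(host, tok, /[.-]/)    # tokens = labels, further split on hyphens
      for (i = 1; i <= m; i++) if (tok[i] in skip) next
      print host
    }
  ' | LC_ALL=C sort -u
}

sample_csv | extract_scan_targets
```

Whole-token matching trades over-exclusion for under-exclusion: a name such as staging.<zone> is no longer skipped by the word "stage", so the word list has to carry every variant that should stay out of the scan.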
  • Step 2 — Analyse each domain with Qualys SSLLabs-scan tool
# AWS Batch JSON job definition
{
  "containerProperties": {
    "image": "devops/ssllabs-scan:latest",
    "vcpus": 1,
    "memory": 2000,
    "command": [
      "-elasticsearch",
      "-elastic_host",
      "http://<host>:9200",
      "-elastic_index",
      "<index_name>",
      "-usecache",
      "<dns_record>"
    ]
  }
}
# Docker command
docker run --rm devops/ssllabs-scan:latest -elasticsearch -elastic_host http://<host>:9200 -elastic_index <index_name> -usecache <dns_record>
  • Step 3 — Create visualizations in Kibana
Kibana dashboard created from the Qualys ssllabs-scan results
  • Step 4 — Resolve all the issues

DevOps @ MindGeek Canada

Fabrice Baumann
