Suppose you have a simple Kafka cluster with 3 brokers. You use SSL certificates for client authentication together with Kafka ACLs. SSL is also enabled for inter-broker communication. What is the recommended way to monitor the validity/expiry of the certificates in use?
Thanks in advance!
Posted on 2020-08-13 17:24:04
At the moment I have only written a small Java application that checks for and retrieves the certificates expiring within a given number of days, by making scheduled calls to the following method for each JKS file in use:
    import java.io.File;
    import java.io.FileInputStream;
    import java.io.IOException;
    import java.security.KeyStore;
    import java.security.KeyStoreException;
    import java.security.NoSuchAlgorithmException;
    import java.security.cert.Certificate;
    import java.security.cert.CertificateException;
    import java.security.cert.X509Certificate;
    import java.time.ZoneId;
    import java.util.Enumeration;
    import java.util.LinkedList;
    import java.util.List;

    // LOGGER and MyAppException are defined elsewhere in the poster's application.
    List<X509Certificate> getCertificatesThatExpireWithin(final int minCertsValidityInDays,
            final File keystoreFile, final String keyStorePassword) throws MyAppException {
        final List<X509Certificate> expiringCerts = new LinkedList<>();
        // Cut-off: start of the day that lies minCertsValidityInDays days from today.
        final java.util.Date maxDateTime = java.util.Date.from(java.time.LocalDate.now()
                .plusDays(minCertsValidityInDays).atStartOfDay(ZoneId.systemDefault()).toInstant());
        try (final FileInputStream is = new FileInputStream(keystoreFile)) {
            // getDefaultType() is "pkcs12" on JDK 9+; JKS files still load through keystore
            // compatibility mode. Pass "JKS" explicitly if that mode has been disabled.
            final KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
            keystore.load(is, keyStorePassword.toCharArray());
            final Enumeration<String> keystoreAliases = keystore.aliases();
            while (keystoreAliases.hasMoreElements()) {
                final String alias = keystoreAliases.nextElement();
                // For a key entry this is only the leaf certificate; use getCertificateChain(alias)
                // if the intermediates stored with the key should be checked as well.
                final Certificate cert = keystore.getCertificate(alias);
                if (cert instanceof X509Certificate) {
                    X509Certificate x509Cert = (X509Certificate) cert;
                    // Keep every certificate whose notAfter is on or before the cut-off.
                    if (!x509Cert.getNotAfter().after(maxDateTime)) {
                        expiringCerts.add(x509Cert);
                    }
                }
            }
        } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | IOException e) {
            LOGGER.error("Can not check the validity of the certificates in " + keystoreFile.getPath() + " due to", e);
            throw new MyAppException(
                    "Can not check the validity of the certificates in " + keystoreFile.getPath() + " due to", e);
        }
        return expiringCerts;
    }

https://stackoverflow.com/questions/63337928
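The method above inspects keystore files on disk, which does not catch a broker that still serves an old certificate after its keystore was replaced but the process not restarted, or a listener whose keystore the checker never scans. The following is an added example, not part of the original answer and not Kafka's own tooling: a Java program that performs the TLS handshake against a broker listener and reports the days remaining for every certificate in the chain the broker actually presents. The class name, argument order and the 30-day default threshold are assumptions; host, port and truststore path are taken from the command line.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** Added example: reports remaining validity of the chain a Kafka SSL listener presents. */
public class BrokerCertExpiryCheck {

    /** Wraps the real trust manager and records the server chain before delegating validation. */
    static final class CapturingTrustManager implements X509TrustManager {
        private final X509TrustManager delegate;
        volatile X509Certificate[] serverChain;          // chain exactly as presented by the broker
        volatile CertificateException validationError;   // non-null if the truststore rejected it

        CapturingTrustManager(X509TrustManager delegate) { this.delegate = delegate; }

        @Override public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException { delegate.checkClientTrusted(chain, authType); }

        @Override public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            serverChain = chain.clone();   // captured first, so a rejected chain is still reported
            try { delegate.checkServerTrusted(chain, authType); }
            catch (CertificateException e) { validationError = e; throw e; }
        }

        @Override public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
    }

    /** Whole days from 'now' until the certificate's notAfter; negative once expired. */
    static long daysUntilExpiry(X509Certificate cert, Instant now) {
        return Duration.between(now, cert.getNotAfter().toInstant()).toDays();
    }

    /** Loads the client truststore (JKS or PKCS12) into the platform X509TrustManager. */
    static X509TrustManager trustManagerFrom(String truststorePath, char[] password) throws Exception {
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(truststorePath)) { ts.load(in, password); }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        }
        throw new IllegalStateException("truststore yields no X509TrustManager");
    }

    /**
     * Opens a TLS connection to host:port and returns the capturing trust manager holding the
     * broker's chain. No client key is configured, so a listener with ssl.client.auth=required
     * aborts the handshake, but only after its own Certificate message has already been checked.
     */
    static CapturingTrustManager fetchServerChain(String host, int port, X509TrustManager trust)
            throws Exception {
        CapturingTrustManager capturing = new CapturingTrustManager(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { capturing }, null);
        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            socket.setSoTimeout(10_000);
            try {
                socket.startHandshake();
            } catch (SSLHandshakeException e) {
                if (capturing.serverChain == null) throw e;   // failed before any chain arrived
            }
        }
        return capturing;
    }

    /** Usage: java BrokerCertExpiryCheck <host> <port> <truststore> <password> [warnDays=30] */
    public static void main(String[] args) throws Exception {
        String host = args[0];
        int port = Integer.parseInt(args[1]);
        int warnDays = args.length > 4 ? Integer.parseInt(args[4]) : 30;
        CapturingTrustManager result =
                fetchServerChain(host, port, trustManagerFrom(args[2], args[3].toCharArray()));
        Instant now = Instant.now();
        int exitCode = 0;
        for (X509Certificate cert : result.serverChain) {
            long days = daysUntilExpiry(cert, now);
            System.out.printf("%s:%d %s expires in %d day(s), notAfter=%s%n",
                    host, port, cert.getSubjectX500Principal(), days, cert.getNotAfter());
            if (days < warnDays) exitCode = 2;   // same alert semantics as the on-disk JKS check
        }
        if (result.validationError != null) {
            System.out.println("chain rejected by truststore: " + result.validationError);
            exitCode = 2;
        }
        System.exit(exitCode);
    }
}
```

Run it from the scheduler alongside the keystore scan, once per listener and broker (the inter-broker listener may use a different keystore than the client-facing one), and alert on a non-zero exit code. The wrapper records the chain before validating it, so an already-expired or untrusted certificate is reported rather than disappearing inside a handshake failure. Hostname verification, which Kafka clients perform by default, is deliberately left out here because the goal is to read the certificate, not to establish a trusted session.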