Cognito Recall currently tracks all certificates used in your network by extracting metadata from all network traffic. This is currently exposed in the metadata_x509* index in Recall, and this Dashboard leverages that data.
The dashboard contains 3 key metrics, showing the number of your certificates which are set to expire over the next 7, 30 and 60 days
Below this, we show 2 Data tables. The fields in these data tables are:
- Expiry Date - The date on which a given certificate will stop being valid.
- Certificate Subject - The information stored in this certificate, always including the domains it is valid on, and sometime including organisation information
- Server - The server on which this certificate was hosted, if the certificate is hosted on multiple servers, then each server will have its own row in the data table.
- Clients - The number of unique hosts that have accessed this certificate
- Hits - The total number of uses of this certificate across all clients.
The left table orders expiring certificates by date.
The right table shows the most used certificates that expire in the next 30 days.
By default, the dashboard will only show externally facing certificates, but this can easily be switched by disabling the local_orig:false filter pill in the top left corner. It is not possible to disable this pill by default.
This dashboard is available by pivoting to Cognito Recall, click on "Dashboards" on the left hand side, and clicking on “Certificate Expiry Dashboard”.