Gremlin Docs Logo
Go to app
Quick Start Guides
AWS Quick Start Guide
Reliability Management (RM) Quick Start Guide
Getting Started
Compatibility
Installing the Gremlin Agent
Authenticating the Gremlin Agent
Configuring the Gremlin Agent
Enabling DNS collection
Enabling AWS PrivateLink
Platform
Private Network Integration Agent
Reliability Intelligence
Managing the Gremlin Agent
Updating Gremlin
Managing Users and Teams
Configuring Role Based Access Control (RBAC)
User Authentication via SAML and Okta
Managing Kubernetes namespaces
Integrations
Health Checks
Restricting Testing Times
Command Line Interface
Reports
Managing running, scheduled, and past experiments
Gremlin Private Edition
Reliability Management
Services and Dependencies
Detected Risks
Test Suites
Reliability Tests
Reliability Score
Fault Injection
Targets
Experiments
Scenarios
GameDays
Failure Flags
Failure Flags
Deploying Failure Flags on AWS Lambda
Deploying Failure Flags on AWS ECS
Deploying Failure Flags on Kubernetes
Deploying Failure Flags on the Istio service mesh via Envoy
Deploying Failure Flags on Pivotal Cloud Foundry (PCF)
Installing the Failure Flags SDK
Running Failure Flags experiments
API Reference
Getting started with the Gremlin API
API reference: Classes, methods, & attributes
API examples
Security
Security
Container security
Release Notes
GeneralLinuxIntegration Agent for LinuxWindowsChaoHelmFailure Flags: SidecarFailure Flags: Lambda Extension
Resources
Gremlin User Community SlackBlogTutorialsGlossary
Start your 30 day free trial.
START FOR FREE
Docs Home
Fault Injection
Certificate Expiry Experiment

Certificate Expiry Experiment

Supported platforms:

Linux
,
Windows
,
Containers
,
Kubernetes
,

The Certificate Expiry experiment retrieves the certificate chain from the target host/port and validates that no certificates will expire within a given time frame. If there is no secure connection available, and therefore no certificates, this experiment will succeed.

This experiment requires you to specify either a hostname or IPaddress. Gremlin will use the endpoint specified by these arguments as the subject of the test.

Options

Parameter Flag Default Version Description
Length -l int 60 2.28.5 The length of the experiment (seconds).
IP Addresses -i IP address 2.28.5 Only check traffic to these IP addresses. Also accepts CIDR values (i.e. 10.0.0.0/24).
Hostnames -h hostnames 2.28.5 Only check traffic to these hostnames.
Remote Ports -p port numbers 443 2.28.5 Only check certificates from one of these remote ports. One port will be randomly selected. Also accepts port ranges (e.g. 8080-8085).
Not Less Than -n hours 720 2.28.5 Check for certificates that are expiring within this number of hours.
Providers WebUI and API Only 2.28.5 External service providers to affect.
Tags WebUI and API Only 2.28.5 Only impact traffic to hosts running Gremlin clients associated with these tags.

Privileges required

Privilege Description
FAULT_COLLECT_CERTSAllows performing certificate experiments

Blackhole Experiment
Previous
Previous
Latency Experiment
Next
Next
On this page
Back to top