Dependency TLS/SSL certificate expiration
.svg)
.svg)
Description
Check for expiring TLS certificates on your dependencies by advancing the system clock forward one day, one week, and one month. Detect certificates that will expire before they cause outages.
What this Scenario does
This Scenario advances the system clock forward by one day, one week, and one month, which triggers certificate validation on connections to your dependencies. This reveals any dependency TLS certificates that will expire within those time windows—giving you advance warning even for certificates you don't directly control.
Why run this Scenario?
- Proactively identify expiring certificates on external dependencies before they cause cascading outages.
- Validate that your services handle expired dependency certificates gracefully, with clear errors and alerts.
- Detect dependencies where you have no control over certificate renewal, so you can plan mitigation strategies.
- Verify that your dependency monitoring covers TLS certificate health, not just availability.
-
Expected outcome
If a dependency's TLS certificate expires without renewal, the dependent service fails gracefully and alerts trigger immediately.
