Loading controls...
Control: Certificate common names should be listed in subject alternative name (SAN)
Description
The common name or subject alternative name (SAN) of your SSL/TLS Certificate should match the domain or address bar in the browser.
Usage
Run the control in your terminal:
steampipe check net_insights.control.ssl_certificate_domain_name_mismatch
Snapshot and share results via Steampipe Cloud:
steampipe loginsteampipe check --share net_insights.control.ssl_certificate_domain_name_mismatch
Plugins & Tables
Params
Args | Name | Default | Description | Variable |
---|---|---|---|---|
$1 | domain_names |
| DNS domain names. |
SQL
select common_name as resource, case when dns_names ? common_name or dns_names ? concat('*.', common_name) then 'ok' else 'alarm' end as status, case when dns_names ? common_name or dns_names ? concat('*.', common_name) then common_name || ' listed in certificate''s SAN.' else common_name || ' not listed in certificate''s SAN.' end as reasonfrom net_certificatewhere domain in ( select jsonb_array_elements_text(to_jsonb($1 :: text [ ])) )order by common_name;