Mods

turbot/net_insights

GitHub
Overview
7Dashboards
53Controls
26Queries
2Variables
GitHub
Loading controls...
On This Page
Description
Usage
Plugins & Tables
Params
SQL
Get Involved
Edit on GitHub
Discuss on Slack

Control: Ensure certificates have sufficient hostname coverage

Description

It is recommended that your certificates cover all the names you wish to use with a site, since you cannot control how your users arrive at the site or how others link to it. Make sure you have added all the necessary domain names to certificate's Subject Alternative Name (SAN).

Usage

Run the control in your terminal:

steampipe check net_insights.control.ssl_certificate_multiple_hostname

Snapshot and share results via Steampipe Cloud:

steampipe login
steampipe check --share net_insights.control.ssl_certificate_multiple_hostname

Plugins & Tables

net_certificate
Net plugin

Params

ArgsNameDefaultDescriptionVariable
$1domain_names
["github.com","microsoft.com"]
DNS domain names.

SQL

select
  common_name as resource,
  case
    when jsonb_array_length(dns_names) > 1 then 'ok'
    else 'alarm'
  end as status,
  case
    when jsonb_array_length(dns_names) > 1 then common_name || ' has sufficient hostname coverage.'
    else common_name || ' don''t have sufficient hostname coverage.'
  end as reason
from
  net_certificate
where
  domain in (
    select
      jsonb_array_elements_text(to_jsonb($1 :: text [ ]))
  )
order by
  common_name;