turbot/net_insights

Control: Certificates should not be revoked

Description

This control checks whether the certificate a server is using has been revoked by the certificate authority before it was set to expire. Revoked certificates are no longer trustworthy and should not be used.

Usage

Run the control in your terminal:

powerpipe control run net_insights.control.ssl_certificate_not_revoked

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run net_insights.control.ssl_certificate_not_revoked --share

Steampipe Tables

Params

| Args | Name | Default | Description | Variable |
| --- | --- | --- | --- | --- |
| $1 | domain_names | ["github.com","microsoft.com"] | DNS domain names. | |

SQL

select
  common_name as resource,
  case
    when revoked then 'alarm'
    else 'ok'
  end as status,
  case
    when revoked then common_name || ' certificate was revoked.'
    else common_name || ' certificate is not revoked.'
  end as reason
from
  net_certificate
where
  domain in (
    select
      jsonb_array_elements_text(to_jsonb($1::text[]))
  )
order by
  common_name;