turbot/net_insights
GitHub
Loading controls...

Control: Certificates should not be revoked

Description

Check for certificate revocation on a server describes if the certificate being used has been revoked by the certificate authority before it was set to expire. It is recommended not to use revoked certificate since they are no longer trustworthy.

Usage

Run the control in your terminal:

steampipe check net_insights.control.ssl_certificate_not_revoked

Snapshot and share results via Steampipe Cloud:

steampipe login
steampipe check --share net_insights.control.ssl_certificate_not_revoked

Plugins & Tables

Params

ArgsNameDefaultDescriptionVariable
$1domain_names
["github.com","microsoft.com"]
DNS domain names.

SQL

select
common_name as resource,
case
when revoked then 'alarm'
else 'ok'
end as status,
case
when revoked then common_name || ' certificate was revoked.'
else common_name || ' certificate is not revoked.'
end as reason
from
net_certificate
where
domain in (
select
jsonb_array_elements_text(to_jsonb($1 :: text [ ]))
)
order by
common_name;