[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The day I lost my job due to monit

From: address@hidden
Subject: Re: The day I lost my job due to monit
Date: Tue, 8 Dec 2020 19:11:55 +0100

Sure, I admit I sought for a kind of a sensational headline. Monit is a
great tool which surveils the services of this company since many years
and alarmed us for many serious problems.

The more important line is the last sentence: There is room for
improvement. Since I wasn't into C since more than a decade, I am sorry
that I cannot really contribute to Monit, otherwise I would. I remember
that it was roughly 400 lines of PHP code which made a reliable check of
the TLS certificate chain and against the trust store in /etc/ssl/certs.
What I want to give to the developers of Monit is this idea so they may
improve this great tool even more.

Kind regards,

rex kogitans

Am 04.12.20 um 20:03 schrieb Paul Theodoropoulos:
You did not lose your job due to Monit, and you know that - you
clearly described what the proximate cause was of your losing your
job. It makes for a 'sensational' headline, but blaming it on Monit is

On 12/4/2020 7:52 AM, wrote:
I configured monit to monitor the TLS certificate validity of all of our
highly productive websites. To all websites, the unnecessary full
certificate (without root CA) was installed. However, on 30th of May
2020 one of the chain certificates (COMODO) ran out of its validity
period. Obviously monit only checks for the server certificate, that's
why the check did not notice this, and such a check is completely
pointless. It led to a massive damage to my company, and since I was to
deal with monitoring as well as TLS certificates, I had to move on to
find a new job.

During the notice period, I implemented an own check in PHP and let
monit execute this PHP program to check TLS certificates. This PHP
program did not just check the entire chain, but also the chain against
the system's own trust store (in /etc/ssl/certs). I think it would be an
interesting feature to deal with TLS certificates like this in monit in
order to avoid more people losing the jobs.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]