Provide notice to users if a certificate is invalid or expired.
See full description in parent Epic.
This issue is intended to cover how we can notify users when there is an issue with the certificates being monitored. At a minimum, this should be a new screen that users can navigate to and read.
Consider if there are other notification methods that also make sense to do, such as creating an issue or creating an [Incident].(https://docs.gitlab.com/ee/user/project/integrations/prometheus.html#taking-action-on-incidents-ultimate)
-
If that is a big piece of work, split that out into new issues.
-
For the purposes of what is considered "invalid" or "expired", desired behavior is to closely replicate what an end-user using a web browser would see if they manually visited the site. That is, if the page would display a warning in Firefox or another browser about certs, this alert should be sent.
-
Valid Root CAs should be those that are installed by default in web browsers
UX for new screen
- Report should live under a new section in Security & Compliance
- Report should list:
- Each detected SSL/TLS cert
- Validity Status
- Expired
- Invalid cert
- Expiring soon (proposal: within 90 days)
- Valid
- Expiration time
- Any other relevant metadata