Skip to content

Monitor certificates from truststore in SslMeterBinder#49641

Merged
mhalbritter merged 2 commits into
spring-projects:mainfrom
bbbbooo:monitor-truststore-certificates
Apr 21, 2026
Merged

Monitor certificates from truststore in SslMeterBinder#49641
mhalbritter merged 2 commits into
spring-projects:mainfrom
bbbbooo:monitor-truststore-certificates

Conversation

@bbbbooo
Copy link
Copy Markdown
Contributor

@bbbbooo bbbbooo commented Mar 18, 2026

Problem

SslMeterBinder currently publishes expiry metrics only for certificate chains from the key store.

As a result, trust store certificate chains are not included in ssl.chain.expiry metrics and their expiry cannot be monitored.

When the same chain alias exists in both the key store and trust store, the metrics also need a way to distinguish their source.

Changes

Update SslMeterBinder to publish expiry metrics for trust store certificate chains in addition to key store chains.

Add a store tag with values key and trust so that key store and trust store metrics can be distinguished.

Update the reference documentation for ssl.chain.expiry to describe trust store coverage and the new tag.

Tests

Added/updated tests to cover.

  • trust store-only bundle registration
  • key store and trust store metrics with the same chain aliases
  • trust store metric updates when bundles are registered and updated after binder construction

Fixes #49325

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Mar 18, 2026
@bbbbooo
Copy link
Copy Markdown
Contributor Author

bbbbooo commented Apr 7, 2026

I believe I’ve addressed the earlier feedback, but please let me know if there’s anything else I should update.
Thanks!

@bbbbooo @mhalbritter
Monitor truststore certificates in SslMeterBinder
f169bf8 
See spring-projectsgh-49641

Signed-off-by: bbbbooo <hyeons1213@gmail.com>
@mhalbritter mhalbritter self-assigned this Apr 21, 2026
@mhalbritter mhalbritter added type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged labels Apr 21, 2026
@mhalbritter mhalbritter added this to the 4.1.0-RC1 milestone Apr 21, 2026
@mhalbritter mhalbritter mentioned this pull request Apr 21, 2026
Closed
@mhalbritter mhalbritter changed the title Monitor truststore certificates in SslMeterBinder Monitor certificates from truststore in SslMeterBinder Apr 21, 2026
@mhalbritter mhalbritter force-pushed the monitor-truststore-certificates branch from b13025c to b21ade1 Compare April 21, 2026 10:38
@mhalbritter mhalbritter merged commit 29bc194 into spring-projects:main Apr 21, 2026
2 of 3 checks passed
@mhalbritter
Copy link
Copy Markdown
Contributor

mhalbritter commented Apr 21, 2026

Thanks @bbbbooo !

@bbbbooo bbbbooo deleted the monitor-truststore-certificates branch April 24, 2026 02:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jonatan-ivanov jonatan-ivanov jonatan-ivanov left review comments

Assignees

@mhalbritter mhalbritter

Labels

type: enhancement A general enhancement

Projects

None yet

Milestone

4.1.0-RC1

Development

Successfully merging this pull request may close these issues.

Monitor certificates from truststore in SslMeterBinder

4 participants

@bbbbooo @mhalbritter @jonatan-ivanov @spring-projects-issues