Feature Request
Resolution: Unresolved
Product / Portfolio Work
1. Proposed Title of this Feature Request:
Comprehensive Certificate Lifecycle Monitoring and Alerting via Prometheus
2. What is the nature and description of the request?
The customer is requesting an enhanced capability to monitor and manage certificates within the Red Hat ecosystem. This includes:
- Exporting certificate metadata as Prometheus metrics, including:
  - Certificate validity period (e.g., 30 days, 1 year, 5 years)
  - Time remaining before expiration
  - Whether the certificate is configured for auto-rotation or requires manual intervention
- Triggering Prometheus alerts when a certificate is approaching expiration and has not been rotated within the expected window.
- Providing a structured, tabular view of all deployed certificates detailing:
  - Whether auto-renewal is supported
  - Manual renewal instructions (if applicable)
  - Certificate function and impact if expired
  - Renewal window and lifecycle policy
- Including fallback manual procedures for all auto-renewed certificates in case automation fails.

This request aims to provide visibility, compliance, and operational continuity around certificate management in production environments.
3. Why does the customer need this? (List the business requirements here)
- Proactive Risk Mitigation: Expired or unrotated certificates can lead to system outages or security risks. Monitoring via Prometheus ensures proactive visibility.
- Compliance and Auditability: Customers need traceable data for audits and compliance reporting on certificate management.
- Operational Transparency: Knowing which certificates are auto-renewed vs. manual helps in better planning and incident response.
- Resilience: In scenarios where automation fails, having manual fallback instructions ensures uptime and business continuity.
- Alerting and Observability: Prometheus-based metrics and alerting enable seamless integration into existing observability platforms and workflows.
4. List any affected packages or components.
The following is the direct ask from the customer:
- We want all certificates to be tracked via a Prometheus metric which includes the certificate's window (30d, 1 year, 5 years, etc.) and its rotation time, and if it doesn't get rotated within the window, fire an alert.
- It is better to create a tabular format for all the details below.
- Which certificates are auto-renewed and which certs need manual intervention; please provide the functionality of each certificate (worst case, what happens if the cert expires). Provide the lifetime of each category of certificate, and when auto-renewal kicks in before the cert expires.
- Automation can fail for many reasons; for all the auto-renewed certificates, provide a manual procedure in case the cert fails to auto-renew.
OpenShift
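
An added illustration of the metrics and alert condition requested above (not part of the original request and not Red Hat or OpenShift code): it renders a certificate inventory in Prometheus text exposition format and flags certificates whose renewal window has opened without a rotation. The metric names, the `Cert` fields and the inventory entries are hypothetical and constructed for this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass
class Cert:                      # hypothetical inventory record
    name: str
    not_before: datetime
    not_after: datetime
    auto_rotate: bool            # True if automation is expected to renew it
    renew_before: timedelta      # renewal should happen this long before expiry

METRICS = ("cert_validity_seconds", "cert_expiry_remaining_seconds", "cert_auto_rotation")

def esc(value):  # escape a label value as the text exposition format requires
    return value.replace("\\", "\\\\").replace('"', '\\"').replace("\n", "\\n")

def samples(c, now):
    return {"cert_validity_seconds": (c.not_after - c.not_before).total_seconds(),
            "cert_expiry_remaining_seconds": (c.not_after - now).total_seconds(),
            "cert_auto_rotation": 1 if c.auto_rotate else 0}

def render_metrics(certs, now):
    """One gauge family per metric, samples grouped under their TYPE line."""
    out = []
    for metric in METRICS:
        out.append(f"# TYPE {metric} gauge")
        for c in certs:
            out.append(f'{metric}{{name="{esc(c.name)}"}} {int(samples(c, now)[metric])}')
    return "\n".join(out) + "\n"

def overdue(c, now):
    """Alert reason if the renewal window opened and the cert was not replaced."""
    remaining = c.not_after - now
    if remaining <= timedelta(0):
        return "expired"
    if remaining < c.renew_before:
        return "auto-rotation missed" if c.auto_rotate else "manual renewal due"
    return None

NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)   # fixed clock for the sample
def _cert(name, age_days, left_days, auto, renew_days):
    return Cert(name, NOW - timedelta(days=age_days), NOW + timedelta(days=left_days),
                auto, timedelta(days=renew_days))

INVENTORY = [  # constructed sample data, not real cluster certificates
    _cert("auto-30d", 27, 3, True, 6),
    _cert("auto-1y", 300, 65, True, 30),
    _cert("manual-5y", 1805, 20, False, 60),
    _cert("manual-1y", 366, -1, False, 30),
]
```

Calling `render_metrics(INVENTORY, NOW)` gives the scrape body, and `overdue(cert, NOW)` gives the per-certificate alert reason that an alerting rule on the remaining-time gauge would encode.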