Reports Certificate Serial number

Adds `serialnumber` to `probe_ssl_last_chain_info`

Output looks like

Test: `curl -s http://localhost:9115/probe\?target\=https://example.com\&module\=http_2xx`

```
probe_ssl_last_chain_info{fingerprint_sha256="efba26d8c1ce3779ac77630a90f82163a3d6892ed6afee408672cf19eba7a362",issuer="CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1,O=DigiCert Inc,C=US",serialnumber="075bcef30689c8addf13e51af4afe187",subject="CN=www.example.org,O=Internet Corporation for Assigned Names and Numbers,L=Los Angeles,ST=California,C=US",subjectalternative="www.example.org,example.net,example.edu,example.com,example.org,www.example.com,www.example.edu,www.example.net"} 1
```

Relates to #1103

Author: rhys-evans

prober/grpc.go

@@ -109,7 +109,7 @@ func ProbeGRPC(ctx context.Context, target string, module config.Module, registr
 				Name: "probe_ssl_last_chain_info",
 				Help: "Contains SSL leaf certificate information",
 			},
-			[]string{"fingerprint_sha256", "subject", "issuer", "subjectalternative"},
+			[]string{"fingerprint_sha256", "subject", "issuer", "subjectalternative", "serialnumber"},
 		)
 	)
 
@@ -206,7 +206,7 @@ func ProbeGRPC(ctx context.Context, target string, module config.Module, registr
 			isSSLGauge.Set(float64(1))
 			probeSSLEarliestCertExpiryGauge.Set(float64(getEarliestCertExpiry(&tlsInfo.State).Unix()))
 			probeTLSVersion.WithLabelValues(getTLSVersion(&tlsInfo.State)).Set(1)
-			probeSSLLastInformation.WithLabelValues(getFingerprint(&tlsInfo.State), getSubject(&tlsInfo.State), getIssuer(&tlsInfo.State), getDNSNames(&tlsInfo.State)).Set(1)
+			probeSSLLastInformation.WithLabelValues(getFingerprint(&tlsInfo.State), getSubject(&tlsInfo.State), getIssuer(&tlsInfo.State), getDNSNames(&tlsInfo.State), getSerialNumber(&tlsInfo.State)).Set(1)
 		} else {
 			isSSLGauge.Set(float64(0))
 		}

prober/http.go

@@ -273,7 +273,7 @@ func ProbeHTTP(ctx context.Context, target string, module config.Module, registr
 				Name: "probe_ssl_last_chain_info",
 				Help: "Contains SSL leaf certificate information",
 			},
-			[]string{"fingerprint_sha256", "subject", "issuer", "subjectalternative"},
+			[]string{"fingerprint_sha256", "subject", "issuer", "subjectalternative", "serialnumber"},
 		)
 
 		probeTLSVersion = prometheus.NewGaugeVec(
@@ -647,7 +647,7 @@ func ProbeHTTP(ctx context.Context, target string, module config.Module, registr
 		probeTLSVersion.WithLabelValues(getTLSVersion(resp.TLS)).Set(1)
 		probeTLSCipher.WithLabelValues(getTLSCipher(resp.TLS)).Set(1)
 		probeSSLLastChainExpiryTimestampSeconds.Set(float64(getLastChainExpiry(resp.TLS).Unix()))
-		probeSSLLastInformation.WithLabelValues(getFingerprint(resp.TLS), getSubject(resp.TLS), getIssuer(resp.TLS), getDNSNames(resp.TLS)).Set(1)
+		probeSSLLastInformation.WithLabelValues(getFingerprint(resp.TLS), getSubject(resp.TLS), getIssuer(resp.TLS), getDNSNames(resp.TLS), getSerialNumber(resp.TLS)).Set(1)
 		if httpConfig.FailIfSSL {
 			logger.Error("Final request was over SSL")
 			success = false

prober/tcp.go

@@ -113,7 +113,7 @@ func ProbeTCP(ctx context.Context, target string, module config.Module, registry
 			Name: "probe_ssl_last_chain_info",
 			Help: "Contains SSL leaf certificate information",
 		},
-		[]string{"fingerprint_sha256", "subject", "issuer", "subjectalternative"},
+		[]string{"fingerprint_sha256", "subject", "issuer", "subjectalternative", "serialnumber"},
 	)
 	probeTLSVersion := prometheus.NewGaugeVec(
 		probeTLSInfoGaugeOpts,
@@ -147,7 +147,7 @@ func ProbeTCP(ctx context.Context, target string, module config.Module, registry
 		probeSSLEarliestCertExpiry.Set(float64(getEarliestCertExpiry(&state).Unix()))
 		probeTLSVersion.WithLabelValues(getTLSVersion(&state)).Set(1)
 		probeSSLLastChainExpiryTimestampSeconds.Set(float64(getLastChainExpiry(&state).Unix()))
-		probeSSLLastInformation.WithLabelValues(getFingerprint(&state), getSubject(&state), getIssuer(&state), getDNSNames(&state)).Set(1)
+		probeSSLLastInformation.WithLabelValues(getFingerprint(&state), getSubject(&state), getIssuer(&state), getDNSNames(&state), getSerialNumber(&state)).Set(1)
 	}
 	scanner := bufio.NewScanner(conn)
 	for i, qr := range module.TCP.QueryResponse {
@@ -216,7 +216,7 @@ func ProbeTCP(ctx context.Context, target string, module config.Module, registry
 			probeSSLEarliestCertExpiry.Set(float64(getEarliestCertExpiry(&state).Unix()))
 			probeTLSVersion.WithLabelValues(getTLSVersion(&state)).Set(1)
 			probeSSLLastChainExpiryTimestampSeconds.Set(float64(getLastChainExpiry(&state).Unix()))
-			probeSSLLastInformation.WithLabelValues(getFingerprint(&state), getSubject(&state), getIssuer(&state), getDNSNames(&state)).Set(1)
+			probeSSLLastInformation.WithLabelValues(getFingerprint(&state), getSubject(&state), getIssuer(&state), getDNSNames(&state), getSerialNumber(&state)).Set(1)
 		}
 	}
 	return true

prober/tls.go

@@ -17,6 +17,7 @@ import (
 	"crypto/sha256"
 	"crypto/tls"
 	"encoding/hex"
+	"fmt"
 	"strings"
 	"time"
 )
@@ -69,6 +70,17 @@ func getLastChainExpiry(state *tls.ConnectionState) time.Time {
 	return lastChainExpiry
 }
 
+func getSerialNumber(state *tls.ConnectionState) string {
+	cert := state.PeerCertificates[0]
+	// Actual serial number = 0B:FF:BC5:11:F1:90:7D:02:AF:71:9A:FC:D6:4F:B2:53
+	// serialNumber := cert.SerialNumber.Text(16) // drops leading zeros outputs = BFFBC511F1907D02AF719AFCD64FB253 in lower case, telgraf follows this https://github.com/influxdata/telegraf/blob/a9c91f162ddbe453364f68a89799535c43328a3c/plugins/inputs/x509_cert/x509_cert.go#L218
+	// https://github.com/atc0005/check-cert retains the leading zero with some aditional formatting
+
+	serialNumber := strings.ToLower(fmt.Sprintf("%X", cert.SerialNumber.Bytes()))
+
+	return serialNumber
+}
+
 func getTLSVersion(state *tls.ConnectionState) string {
 	switch state.Version {
 	case tls.VersionTLS10: