Search Exchange
Search All Sites
Nagios Live Webinars
Let our experts show you how Nagios can help your organization.Login
Directory Tree
check_ssl_certificate
This script will check SSL certificates to see if they have expired. It is known to work with imap (w/starttls), imaps, pop (w/starttls), pops, https, ldap (w/starttls) and ldaps. It requires the openssl program (from the OpenSSL toolkit). The current version is 1.2.
Reviews (4)
bywbwbwb, November 28, 2018
The full options are not shown in the plugin without viewing the source, so for reference here they are:
-a Additional parameters to send to openssl, like: -a "-servername www.example.com"
-c Critical value to alert on (days until expiration) like: -c 14
-h Help
-H Host (IP or domain name to connect to) like: -H www.example.com
-o Openssl binary path, like: -o /usr/bin/openssl
-p Optional port number (default 443) like: -p 443
-v Verbose
-V Version
-w Warning value to alert on (days until expiration) like: -c 21
-a Additional parameters to send to openssl, like: -a "-servername www.example.com"
-c Critical value to alert on (days until expiration) like: -c 14
-h Help
-H Host (IP or domain name to connect to) like: -H www.example.com
-o Openssl binary path, like: -o /usr/bin/openssl
-p Optional port number (default 443) like: -p 443
-v Verbose
-V Version
-w Warning value to alert on (days until expiration) like: -c 21
Good plugin but Vladimir's modified one is better since you also check a cert file.
Vladimir's plugin can be found here:
https://raw.githubusercontent.com/nesi/BeSTGRID-legacy/master/df/scripts/check_ssl_certificate
Vladimir's plugin can be found here:
https://raw.githubusercontent.com/nesi/BeSTGRID-legacy/master/df/scripts/check_ssl_certificate
byvladimir.mencl, March 25, 2014
Hi,
Thanks for the plugin.
I have extended it so that it can also check certificates in a file - plus a few minor improvements.
You are welcome to grab my version from https://subversion.ceres.auckland.ac.nz/BeSTGRID/df/scripts/check_ssl_certificate
Cheers,
Vlad
PS: The set of changes in this
# 2014-03-26 Vladimir Mencl
# - add support for checking a certificate in the file (-f)
# - add option for supporting a full DN instead of just CN (-D)
# - support both 32-bit and 64-bit platforms with "use lib" path
# - move some verbose ouput under DEBUG (-d)
# - FIX: add missing exit for expired certificate as per comment on plugin
# page
# - use POSIX:floor() instead of int() for rounding daysLeft
# (not to get "0 days left" for certificates that just expired)
--
Vladimir Mencl, Ph.D.
E-Research Services and Systems Consultant
BlueFern Computing Services
University of Canterbury
Private Bag 4800
Christchurch 8140
New Zealand
http://www.bluefern.canterbury.ac.nz
mailto:vladimir.mencl@canterbury.ac.nz
Phone: +64 3 364 3012
Mobile: +64 21 997 352
Fax: +64 3 364 3002
Thanks for the plugin.
I have extended it so that it can also check certificates in a file - plus a few minor improvements.
You are welcome to grab my version from https://subversion.ceres.auckland.ac.nz/BeSTGRID/df/scripts/check_ssl_certificate
Cheers,
Vlad
PS: The set of changes in this
# 2014-03-26 Vladimir Mencl
# - add support for checking a certificate in the file (-f)
# - add option for supporting a full DN instead of just CN (-D)
# - support both 32-bit and 64-bit platforms with "use lib" path
# - move some verbose ouput under DEBUG (-d)
# - FIX: add missing exit for expired certificate as per comment on plugin
# page
# - use POSIX:floor() instead of int() for rounding daysLeft
# (not to get "0 days left" for certificates that just expired)
--
Vladimir Mencl, Ph.D.
E-Research Services and Systems Consultant
BlueFern Computing Services
University of Canterbury
Private Bag 4800
Christchurch 8140
New Zealand
http://www.bluefern.canterbury.ac.nz
mailto:vladimir.mencl@canterbury.ac.nz
Phone: +64 3 364 3012
Mobile: +64 21 997 352
Fax: +64 3 364 3002
bylexiyntax, May 4, 2011
2 of 2 people found this review helpful
Does exactly what I wanted, checking the date on ssl certificates and informing me if they are about to expire.
After expiration it reports the certificate as good. The culprit is a missing exit statement in the expired check; see the diff output below for a fix.
@@ -156,2 +156,3 @@
print "$PROGNAME: CRITICAL - $cn expired " . abs($daysLeft) . " day(s) ago.\n";
+ exit $ERRORS{'CRITICAL'};
} elsif ($daysLeft
After expiration it reports the certificate as good. The culprit is a missing exit statement in the expired check; see the diff output below for a fix.
@@ -156,2 +156,3 @@
print "$PROGNAME: CRITICAL - $cn expired " . abs($daysLeft) . " day(s) ago.\n";
+ exit $ERRORS{'CRITICAL'};
} elsif ($daysLeft