Home Directory Plugins Network Protocols HTTP check_ssl_certificate

Search Exchange

Search All Sites

Nagios Live Webinars

Let our experts show you how Nagios can help your organization.

Contact Us

Phone: 1-888-NAGIOS-1
Email: sales@nagios.com


Remember Me

Directory Tree


4 votes
check_ssl_certificateversion 1.2
Network Monitoring Software - Download Nagios XI
Log Management Software - Nagios Log Server - Download
Netflow Analysis Software - Nagios Network Analyzer - Download
This script checks the expiration of an SSL certificate.
This script will check SSL certificates to see if they have expired. It is known to work with imap (w/starttls), imaps, pop (w/starttls), pops, https, ldap (w/starttls) and ldaps. It requires the openssl program (from the OpenSSL toolkit). The current version is 1.2.
Reviews (4)
bywbwbwb, November 28, 2018
The full options are not shown in the plugin without viewing the source, so for reference here they are:

-a Additional parameters to send to openssl, like: -a "-servername www.example.com"
-c Critical value to alert on (days until expiration) like: -c 14
-h Help
-H Host (IP or domain name to connect to) like: -H www.example.com
-o Openssl binary path, like: -o /usr/bin/openssl
-p Optional port number (default 443) like: -p 443
-v Verbose
-V Version
-w Warning value to alert on (days until expiration) like: -c 21
bysmidaren, March 18, 2018
Good plugin but Vladimir's modified one is better since you also check a cert file.
Vladimir's plugin can be found here:

Thanks for the plugin.

I have extended it so that it can also check certificates in a file - plus a few minor improvements.

You are welcome to grab my version from https://subversion.ceres.auckland.ac.nz/BeSTGRID/df/scripts/check_ssl_certificate


PS: The set of changes in this
# 2014-03-26 Vladimir Mencl
# - add support for checking a certificate in the file (-f)
# - add option for supporting a full DN instead of just CN (-D)
# - support both 32-bit and 64-bit platforms with "use lib" path
# - move some verbose ouput under DEBUG (-d)
# - FIX: add missing exit for expired certificate as per comment on plugin
# page
# - use POSIX:floor() instead of int() for rounding daysLeft
# (not to get "0 days left" for certificates that just expired)

Vladimir Mencl, Ph.D.
E-Research Services and Systems Consultant
BlueFern Computing Services
University of Canterbury
Private Bag 4800
Christchurch 8140
New Zealand

Phone: +64 3 364 3012
Mobile: +64 21 997 352
Fax: +64 3 364 3002
bylexiyntax, May 4, 2011
2 of 2 people found this review helpful
Does exactly what I wanted, checking the date on ssl certificates and informing me if they are about to expire.

After expiration it reports the certificate as good. The culprit is a missing exit statement in the expired check; see the diff output below for a fix.

@@ -156,2 +156,3 @@
print "$PROGNAME: CRITICAL - $cn expired " . abs($daysLeft) . " day(s) ago.\n";
} elsif ($daysLeft