Home Directory Plugins Network Protocols HTTP check_ssl_certificate

Search Exchange

Search All Sites

Nagios Live Webinars

Let our experts show you how Nagios can help your organization.

Contact Us

Phone: 1-888-NAGIOS-1
Email: sales@nagios.com


Remember Me


4 votes
check_ssl_certificateversion 1.2

Help Support Ethan Galstad's New Project:

Help Support Ethan

A Message From The Founder...

As the founder of Nagios, I'm asking for your help in a cause that's dear to my heart.

I'm launching a new project to help better the world by providing the information, ideas, and inspiration that I believe can improve the lives of people everywhere.

I know you're busy managing networks, but I would appreciate it if you would consider liking my Facebook page and showing your support for the content and messages I produce by sharing them with your friends and family.

You can learn more about my project by visiting ethangalstad.me/nagios. Thank you for your time. I wish you all the best in your endeavors, whatever they may be.

- Ethan

This script checks the expiration of an SSL certificate.
This script will check SSL certificates to see if they have expired. It is known to work with imap (w/starttls), imaps, pop (w/starttls), pops, https, ldap (w/starttls) and ldaps. It requires the openssl program (from the OpenSSL toolkit). The current version is 1.2.
Reviews (4)
bywbwbwb, November 28, 2018
The full options are not shown in the plugin without viewing the source, so for reference here they are:

-a Additional parameters to send to openssl, like: -a "-servername www.example.com"
-c Critical value to alert on (days until expiration) like: -c 14
-h Help
-H Host (IP or domain name to connect to) like: -H www.example.com
-o Openssl binary path, like: -o /usr/bin/openssl
-p Optional port number (default 443) like: -p 443
-v Verbose
-V Version
-w Warning value to alert on (days until expiration) like: -c 21
bysmidaren, March 18, 2018
Good plugin but Vladimir's modified one is better since you also check a cert file.
Vladimir's plugin can be found here:

Thanks for the plugin.

I have extended it so that it can also check certificates in a file - plus a few minor improvements.

You are welcome to grab my version from https://subversion.ceres.auckland.ac.nz/BeSTGRID/df/scripts/check_ssl_certificate


PS: The set of changes in this
# 2014-03-26 Vladimir Mencl
# - add support for checking a certificate in the file (-f)
# - add option for supporting a full DN instead of just CN (-D)
# - support both 32-bit and 64-bit platforms with "use lib" path
# - move some verbose ouput under DEBUG (-d)
# - FIX: add missing exit for expired certificate as per comment on plugin
# page
# - use POSIX:floor() instead of int() for rounding daysLeft
# (not to get "0 days left" for certificates that just expired)

Vladimir Mencl, Ph.D.
E-Research Services and Systems Consultant
BlueFern Computing Services
University of Canterbury
Private Bag 4800
Christchurch 8140
New Zealand

Phone: +64 3 364 3012
Mobile: +64 21 997 352
Fax: +64 3 364 3002
bylexiyntax, May 4, 2011
2 of 2 people found this review helpful
Does exactly what I wanted, checking the date on ssl certificates and informing me if they are about to expire.

After expiration it reports the certificate as good. The culprit is a missing exit statement in the expired check; see the diff output below for a fix.

@@ -156,2 +156,3 @@
print "$PROGNAME: CRITICAL - $cn expired " . abs($daysLeft) . " day(s) ago.\n";
} elsif ($daysLeft