Home Directory Plugins Web Servers check_ssl_cert.pl (Advanced Nagios Plugins Collection)

Search Exchange

Search All Sites

Nagios Live Webinars

Let our experts show you how Nagios can help your organization.

Contact Us

Phone: 1-888-NAGIOS-1
Email: sales@nagios.com

Login

Remember Me

Directory Tree

check_ssl_cert.pl (Advanced Nagios Plugins Collection) Popular

Rating
1 vote
Favoured:
0
Compatible With
  • Nagios 1.x
  • Nagios 2.x
  • Nagios 3.x
  • Nagios XI
Hits
774786
Nagios CSP

Meet The New Nagios Core Services Platform

Built on over 25 years of monitoring experience, the Nagios Core Services Platform provides insightful monitoring dashboards, time-saving monitoring wizards, and unmatched ease of use. Use it for free indefinitely.

Monitoring Made Magically Better

  • Nagios Core on Overdrive
  • Powerful Monitoring Dashboards
  • Time-Saving Configuration Wizards
  • Open Source Powered Monitoring On Steroids
  • And So Much More!
Check SSL Certificate Validity:

1. Certificate Expiry in days
2. Chain of Trust
2a. Root CA certificate is trusted
2b. Any intermediate certificates are present, especially important for Mobile devices
3. Domain name on certificate (optional)
4. Subject Alternative Names supported by certificate (optional)
Part of the Advanced Nagios Plugins Collection, download it here:

https://github.com/harisekhon/nagios-plugins

./check_ssl_cert.pl --help

Nagios Plugin to check SSL Certificate Validity

Checks:

1. Certificate Expiry in days
2. Chain of Trust
2a. Root CA certificate is trusted
2b. Any intermediate certificates are present, especially important for Mobile devices
3. Domain name on certificate (optional)
4. Subject Alternative Names supported by certificate (optional)

usage: check_ssl_cert.pl [ options ]

-H --host The host to check
-P --port The port to check (defaults to port 443)
-d --domain Expected domain of the certificate
-s --subject-alternative-names Additional FQDNs to require on the certificate
-w --warning The warning threshold in days before expiry (defaults to 30)
-c --critical The critical threshold in days before expiry (defaults to 14)
-N --no-validate Do not validate the SSL certificate chain
-C --CApath Path to ssl root certs dir (will attempt to determine from openssl binary if not supplied)
-h --help Print description and usage options
-t --timeout Timeout in secs (default: 10)
-v --verbose Verbose mode
-V --version Print version and exit
Reviews (1)
I had to tweak the script to handle certificates that contain OIDs.

Change:
my %h=grep /./,(split //([A-Za-z]+)=/,$subject);
to
my %h=grep /./,(split //([A-Za-z]+|[.d]+)=/,$subject);