Search Exchange
Search All Sites
Nagios Live Webinars
Let our experts show you how Nagios can help your organization.Login
New ListingsDirectory Tree
check_ssl_cert.pl (Advanced Nagios Plugins Collection) Popular
Compatible With
- Nagios 1.x
- Nagios 2.x
- Nagios 3.x
- Nagios XI
Owner
Download URL
Hits
640468
1. Certificate Expiry in days
2. Chain of Trust
2a. Root CA certificate is trusted
2b. Any intermediate certificates are present, especially important for Mobile devices
3. Domain name on certificate (optional)
4. Subject Alternative Names supported by certificate (optional)
Part of the Advanced Nagios Plugins Collection, download it here:
https://github.com/harisekhon/nagios-plugins
./check_ssl_cert.pl --help
Nagios Plugin to check SSL Certificate Validity
Checks:
1. Certificate Expiry in days
2. Chain of Trust
2a. Root CA certificate is trusted
2b. Any intermediate certificates are present, especially important for Mobile devices
3. Domain name on certificate (optional)
4. Subject Alternative Names supported by certificate (optional)
usage: check_ssl_cert.pl [ options ]
-H --host The host to check
-P --port The port to check (defaults to port 443)
-d --domain Expected domain of the certificate
-s --subject-alternative-names Additional FQDNs to require on the certificate
-w --warning The warning threshold in days before expiry (defaults to 30)
-c --critical The critical threshold in days before expiry (defaults to 14)
-N --no-validate Do not validate the SSL certificate chain
-C --CApath Path to ssl root certs dir (will attempt to determine from openssl binary if not supplied)
-h --help Print description and usage options
-t --timeout Timeout in secs (default: 10)
-v --verbose Verbose mode
-V --version Print version and exit
https://github.com/harisekhon/nagios-plugins
./check_ssl_cert.pl --help
Nagios Plugin to check SSL Certificate Validity
Checks:
1. Certificate Expiry in days
2. Chain of Trust
2a. Root CA certificate is trusted
2b. Any intermediate certificates are present, especially important for Mobile devices
3. Domain name on certificate (optional)
4. Subject Alternative Names supported by certificate (optional)
usage: check_ssl_cert.pl [ options ]
-H --host The host to check
-P --port The port to check (defaults to port 443)
-d --domain Expected domain of the certificate
-s --subject-alternative-names Additional FQDNs to require on the certificate
-w --warning The warning threshold in days before expiry (defaults to 30)
-c --critical The critical threshold in days before expiry (defaults to 14)
-N --no-validate Do not validate the SSL certificate chain
-C --CApath Path to ssl root certs dir (will attempt to determine from openssl binary if not supplied)
-h --help Print description and usage options
-t --timeout Timeout in secs (default: 10)
-v --verbose Verbose mode
-V --version Print version and exit
Reviews (1)
byfrnkblk, October 18, 2014
I had to tweak the script to handle certificates that contain OIDs.
Change:
my %h=grep /./,(split //([A-Za-z]+)=/,$subject);
to
my %h=grep /./,(split //([A-Za-z]+|[.d]+)=/,$subject);
Change:
my %h=grep /./,(split //([A-Za-z]+)=/,$subject);
to
my %h=grep /./,(split //([A-Za-z]+|[.d]+)=/,$subject);
