Home Directory Plugins Web Servers check_ssl_cert.pl (Advanced Nagios Plugins Collection)

Search Exchange

Search All Sites

Nagios Live Webinars

Let our experts show you how Nagios can help your organization.

Contact Us

Phone: 1-888-NAGIOS-1
Email: sales@nagios.com

Login

Remember Me

check_ssl_cert.pl (Advanced Nagios Plugins Collection)

Rating
1 vote
Favoured:
0
Compatible With
  • Nagios 1.x
  • Nagios 2.x
  • Nagios 3.x
  • Nagios XI
Hits
182626
Network Monitoring Software - Download Nagios XI
Log Management Software - Nagios Log Server - Download
Netflow Analysis Software - Nagios Network Analyzer - Download
Check SSL Certificate Validity:

1. Certificate Expiry in days
2. Chain of Trust
2a. Root CA certificate is trusted
2b. Any intermediate certificates are present, especially important for Mobile devices
3. Domain name on certificate (optional)
4. Subject Alternative Names supported by certificate (optional)
Part of the Advanced Nagios Plugins Collection, download it here:

https://github.com/harisekhon/nagios-plugins

./check_ssl_cert.pl --help

Nagios Plugin to check SSL Certificate Validity

Checks:

1. Certificate Expiry in days
2. Chain of Trust
2a. Root CA certificate is trusted
2b. Any intermediate certificates are present, especially important for Mobile devices
3. Domain name on certificate (optional)
4. Subject Alternative Names supported by certificate (optional)

usage: check_ssl_cert.pl [ options ]

-H --host The host to check
-P --port The port to check (defaults to port 443)
-d --domain Expected domain of the certificate
-s --subject-alternative-names Additional FQDNs to require on the certificate
-w --warning The warning threshold in days before expiry (defaults to 30)
-c --critical The critical threshold in days before expiry (defaults to 14)
-N --no-validate Do not validate the SSL certificate chain
-C --CApath Path to ssl root certs dir (will attempt to determine from openssl binary if not supplied)
-h --help Print description and usage options
-t --timeout Timeout in secs (default: 10)
-v --verbose Verbose mode
-V --version Print version and exit
Reviews (1)
I had to tweak the script to handle certificates that contain OIDs.

Change:
my %h=grep /./,(split //([A-Za-z]+)=/,$subject);
to
my %h=grep /./,(split //([A-Za-z]+|[.d]+)=/,$subject);