Security

check_ssl_certificate

Write a Review

Description:

This script checks the expiration of an SSL certificate.

Current Version

Last Release Date

June 18, 2009

Compatible With

Owner

Nagios Exchange

Copy Page Link Recommend Login to Add to Favorites
Project Files
FileDescription
check_ssl_certificate

version 1.2

Project Notes
This script will check SSL certificates to see if they have expired. It is known to work with imap (w/starttls), imaps, pop (w/starttls), pops, https, ldap (w/starttls) and ldaps. It requires the openssl program (from the OpenSSL toolkit). The current version is 1.2.
Reviews (4) Add a Review
Usage instructions
by wbwbwb, November 30, 2018

The full options are not shown in the plugin without viewing the source, so for reference here they are: -a Additional parameters to send to openssl, like: -a "-servername www.example.com" -c Critical value to alert on (days until expiration) like: -c 14 -h Help -H Host (IP or domain name to connect to) like: -H www.example.com -o Openssl binary path, like: -o /usr/bin/openssl -p Optional port number (default 443) like: -p 443 -v Verbose -V Version -w Warning value to alert on (days until expiration) like: -c 21


Good
by smidaren, March 31, 2018

Good plugin but Vladimir's modified one is better since you also check a cert file. Vladimir's plugin can be found here: https://raw.githubusercontent.com/nesi/BeSTGRID-legacy/master/df/scripts/check_ssl_certificate


Thanks - and I have extended this plugin
by vladimir.mencl, March 31, 2014

Hi, Thanks for the plugin. I have extended it so that it can also check certificates in a file - plus a few minor improvements. You are welcome to grab my version from https://subversion.ceres.auckland.ac.nz/BeSTGRID/df/scripts/check_ssl_certificate Cheers, Vlad PS: The set of changes in this # 2014-03-26 Vladimir Mencl # - add support for checking a certificate in the file (-f) # - add option for supporting a full DN instead of just CN (-D) # - support both 32-bit and 64-bit platforms with "use lib" path # - move some verbose ouput under DEBUG (-d) # - FIX: add missing exit for expired certificate as per comment on plugin # page # - use POSIX:floor() instead of int() for rounding daysLeft # (not to get "0 days left" for certificates that just expired) -- Vladimir Mencl, Ph.D. E-Research Services and Systems Consultant BlueFern Computing Services University of Canterbury Private Bag 4800 Christchurch 8140 New Zealand http://www.bluefern.canterbury.ac.nz mailto:vladimir.mencl@canterbury.ac.nz Phone: +64 3 364 3012 Mobile: +64 21 997 352 Fax: +64 3 364 3002


Plugin Works Except on Expired Certificates
by lexiyntax, May 31, 2011

Does exactly what I wanted, checking the date on ssl certificates and informing me if they are about to expire. After expiration it reports the certificate as good. The culprit is a missing exit statement in the expired check; see the diff output below for a fix. @@ -156,2 +156,3 @@ print "$PROGNAME: CRITICAL - $cn expired " . abs($daysLeft) . " day(s) ago.n"; + exit $ERRORS{'CRITICAL'}; } elsif ($daysLeft


Add a Review

You must be logged in to submit a review.

Thank you for your review!

Your review has been submitted and is pending approval.

Recommend

To:


From:


Thank you for your recommendation!

Your recommendation has been sent.

Page Sections
Project Overview Project Files Project Notes Reviews
Project Stats
Rating
4.3 (4)
Favorites
2
Views
188,970