Linux and Nagios‎ > ‎

Nagios Monitor HTTPS SSL Certificate Expiry

posted 12 Jun 2011, 04:46 by Tristan Self
http://exchange.nagios.org/directory/Plugins/Network-Protocols/HTTP/check_ssl_cert_alternative/details

Downloaded the file and stuck it in: /usr/local/share/nagios/libexec

Make it execuatable:

# chmod 755 check_ssl_cert_alternative.pl

Change the owner:

# chown nagios check_ssl_cert_alternative.pl

Change the group:

# chgrp nagios check_ssl_cert_alternative.pl

Rename it so I don't need to stick the .pl on the end:

# mv check_ssl_cert_alternative.pl check_ssl_cert_alternative

Do a test run:

./check_ssl_cert_alternative -H servername.domain.name:443

Seems to be okay:

servername.domain.name:443 68 Days left

In the example below, that needs to be added to your nagios config. Setting !30!10, sets the warning at 30 days and the critical at 10 days.

------------------------------------------------------------------------------------------------------------------------------------
Windowsservers.cfg
------------------------------------------------------------------------------------------------------------------------------------

define service{
use                     generic-service
host_name               SERVERNAME
service_description     SSL Cert
check_command           check_https!30!10
}

------------------------------------------------------------------------------------------------------------------------------------
commands.cfg
------------------------------------------------------------------------------------------------------------------------------------

define command{
command_name    check-ssl-cert
command_line    $USER1$/check_ssl_cert_alternative -H $HOSTADDRESS$ -w $ARG1$ -c $ARG2$
}

------------------------------------------------------------------------------------------------------------------------------------

Changed this also to give the remaining time as it seemed to be more useful, but also added the time/date at the end too. This was done by editing the

script itself.

#############################################
print "$hoststring $certtimeleft Days left, Expires on: $certenddate \n";
#print "$hoststring expires on $certenddate\n";
#############################################

You can also set cert expiry warning levels in the script if you don't want to pass these arguments via the command string.
Comments