Giter VIP home page Giter VIP logo

check_ssl_cert's Introduction

 (c) Matteo Corti, ETH Zurich, 2007-2012
 (c) Matteo Corti, 2007-2015

  see AUTHORS for the complete list of contributors

check_ssl_cert

A Nagios plugin to check an X.509 certificate:
 - checks if the server is running and delivers a valid certificate
 - checks if the CA matches a given pattern
 - checks the validity

Usage:
======

check_ssl_cert -H host [OPTIONS]

Arguments:
   -H,--host host         server

Options:
   -A,--noauth            ignore authority warnings (expiration only)
      --altnames          matches the pattern specified in -n with alternate
                          names too
   -C,--clientcert path   use client certificate to authenticate
      --clientpass phrase set passphrase for client certificate.
   -c,--critical days     minimum number of days a certificate has to be valid
                          to issue a critical status
   -e,--email address     pattern to match the email address contained in the
                          certificate
   -f,--file file         local file path (works with -H localhost only)
   -h,--help,-?           this help message
      --long-output list  append the specified comma separated (no spaces) list
                          of attributes to the plugin output on additional lines.
                          Valid attributes are:
                            enddate, startdate, subject, issuer, modulus, serial,
                            hash, email, ocsp_uri and fingerprint.
                          'all' will include all the available attributes.
   -i,--issuer issuer     pattern to match the issuer of the certificate
   -n,--cn name           pattern to match the CN of the certificate
   -N,--host-cn           match CN with the host name
      --ocsp              check revocation via OCSP
   -o,--org org           pattern to match the organization of the certificate
      --openssl path      path of the openssl binary to be used
   -p,--port port         TCP port
   -P,--protocol protocol use the specific protocol {http|smtp|pop3|imap|ftp|xmpp}
                          http:               default
                          smtp,pop3,imap,ftp: switch to TLS
   -s,--selfsigned        allows self-signed certificates
      --serial serialnum  pattern to match the serial number
   -S,--ssl version       force SSL version (2,3)
   -r,--rootcert path     root certificate or directory to be used for
                          certificate validation
   -t,--timeout           seconds timeout after the specified time
                          (defaults to 15 seconds)
      --temp dir          directory where to store the temporary files
      --tls1              force TLS version 1
   -v,--verbose           verbose output
   -V,--version           version
   -w,--warning days      minimum number of days a certificate has to be valid
                          to issue a warning status

Expect:
=======

check_ssl_cert requires 'expect' to enable timouts. If expect is not
present on your system timeouts will be disabled.

See: http://en.wikipedia.org/wiki/Expect

Perl and Date::Parse:
=====================

If perl and Date::Parse are available the plugin will also compute for
how many days the certificate will be valid and put the information in
the performance data. If perl or Date::Parse are not available the
information will not be available.

Virtual servers:
================

check_ssl_client supports the servername TLS extension in ClientHello
if the installed openssl version provides it. This is needed if you
are checking a machine with virtual hosts.

Notes:
======

the root certificate corresponding to the checked certificate must be
available to openssl or specified with the '-r cabundle' or
'--rootcert cabundle' option, where cabundle is either a file for -CAfile
or a directory for -CApath.

On Mac OS X the root certificates bundle is stored in the Keychain and
openssl will complain with:

   verification error: unable to get local issuer certificate

The bundle can be extracted with:

$ sudo security find-certificate -a \
  -p /System/Library/Keychains/SystemRootCertificates.keychain > cabundle.crt

Bugs:
=====

Report bugs to https://github.com/matteocorti/check_ssl_cert/issues

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.