SSL expiry giving wrong results

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
Locked
Pratapa
Posts: 144
Joined: Tue Oct 01, 2019 1:33 am

SSL expiry giving wrong results

Post by Pratapa »

Hi,

We have a requirement, We need to setup monitoring of the SSL expiry for the URL https://fs.anz.com/adls/ls/idpinitiatedsignon.aspx?

We are using a plugin check_ssl_cert_expiry to check the expiry of the SSL certificate.

Following is the syntax.

check_ssl_cert_expiry -h <host> -w <warning> -c <critical>

We are getting wrong results while checking the SSL expiry.

./check_ssl_cert_expiry -h fs.anz.com -w 45 -c 30
CRITICAL : 0 days are left for SSL Certificate Expiration on Host anz.com

fs.anz.com is the certificate name.

When we check on web site , expiry date is on 12/22/2021

When we check the same for google.com we are getting correct results.

./check_ssl_cert_expiry -h google.com -w 45 -c 30
OK: 56 days are left for SSL Certificate Expiration on Host google.com

What could be the reason?
Top
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises
Contact:
Contact scottwilkerson

Re: SSL expiry giving wrong results

Post by scottwilkerson »

I'm not familiar with that plugin but what if you just use check_http?

Code: Select all

 -C, --certificate=INTEGER[,INTEGER]
    Minimum number of days a certificate has to be valid. Port defaults to 443
    (when this option is used the URL is not checked.)
...
 CHECK CERTIFICATE: check_http -H www.verisign.com -C 14

 When the certificate of 'www.verisign.com' is valid for more than 14 days,
 a STATE_OK is returned. When the certificate is still valid, but for less than
 14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when
 the certificate is expired.


 CHECK CERTIFICATE: check_http -H www.verisign.com -C 30,14

 When the certificate of 'www.verisign.com' is valid for more than 30 days,
 a STATE_OK is returned. When the certificate is still valid, but for less than
 30 days, but more than 14 days, a STATE_WARNING is returned.
 A STATE_CRITICAL will be returned when certificate expires in less than 14 days

Code: Select all

/usr/local/nagios/libexec/check_http -H fs.anz.com -C 45,30
Former Nagios employee
Creator:
ahumandesign.com
enneagrams.com
Top
Pratapa
Posts: 144
Joined: Tue Oct 01, 2019 1:33 am

Re: SSL expiry giving wrong results

Post by Pratapa »

Thank you.

I used the following and it is resolved.

check_http -H fs.anz.com --ssl -C 40,15 --sni


You may lock this thread. Thank you.
Top
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises
Contact:
Contact scottwilkerson

Re: SSL expiry giving wrong results

Post by scottwilkerson »

Pratapa wrote:Thank you.

I used the following and it is resolved.

check_http -H fs.anz.com --ssl -C 40,15 --sni


You may lock this thread. Thank you.
Great!

Locking
Former Nagios employee
Creator:
ahumandesign.com
enneagrams.com
Top
Locked

Return to “Open Source Nagios Projects”