Hi,
We have a requirement, We need to setup monitoring of the SSL expiry for the URL https://fs.anz.com/adls/ls/idpinitiatedsignon.aspx?
We are using a plugin check_ssl_cert_expiry to check the expiry of the SSL certificate.
Following is the syntax.
check_ssl_cert_expiry -h <host> -w <warning> -c <critical>
We are getting wrong results while checking the SSL expiry.
./check_ssl_cert_expiry -h fs.anz.com -w 45 -c 30
CRITICAL : 0 days are left for SSL Certificate Expiration on Host anz.com
fs.anz.com is the certificate name.
When we check on web site , expiry date is on 12/22/2021
When we check the same for google.com we are getting correct results.
./check_ssl_cert_expiry -h google.com -w 45 -c 30
OK: 56 days are left for SSL Certificate Expiration on Host google.com
What could be the reason?
SSL expiry giving wrong results
-
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: SSL expiry giving wrong results
I'm not familiar with that plugin but what if you just use check_http?
Code: Select all
-C, --certificate=INTEGER[,INTEGER]
Minimum number of days a certificate has to be valid. Port defaults to 443
(when this option is used the URL is not checked.)
...
CHECK CERTIFICATE: check_http -H www.verisign.com -C 14
When the certificate of 'www.verisign.com' is valid for more than 14 days,
a STATE_OK is returned. When the certificate is still valid, but for less than
14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when
the certificate is expired.
CHECK CERTIFICATE: check_http -H www.verisign.com -C 30,14
When the certificate of 'www.verisign.com' is valid for more than 30 days,
a STATE_OK is returned. When the certificate is still valid, but for less than
30 days, but more than 14 days, a STATE_WARNING is returned.
A STATE_CRITICAL will be returned when certificate expires in less than 14 days
Code: Select all
/usr/local/nagios/libexec/check_http -H fs.anz.com -C 45,30
Re: SSL expiry giving wrong results
Thank you.
I used the following and it is resolved.
check_http -H fs.anz.com --ssl -C 40,15 --sni
You may lock this thread. Thank you.
I used the following and it is resolved.
check_http -H fs.anz.com --ssl -C 40,15 --sni
You may lock this thread. Thank you.
-
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: SSL expiry giving wrong results
Great!Pratapa wrote:Thank you.
I used the following and it is resolved.
check_http -H fs.anz.com --ssl -C 40,15 --sni
You may lock this thread. Thank you.
Locking