EBJCA PKI certificate check

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
Locked
jcoba
Posts: 8
Joined: Tue Mar 12, 2019 12:48 pm

EBJCA PKI certificate check

Post by jcoba »

Hi.
Currently we have a EBJCA PKI certificate running on our premises, ¿its possible to check for an expiring certificate and create an alert?.
Julian C
User avatar
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: EBJCA PKI certificate check

Post by cdienger »

Is the certificate being used for a web service or how is the certificate accessible? The check_http plugin can be used to monitor certificates used by web services, but I'm not familiar with EBJCA to know if this is good fit.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
jcoba
Posts: 8
Joined: Tue Mar 12, 2019 12:48 pm

Re: EBJCA PKI certificate check

Post by jcoba »

Thanks for the reply.
The certificates are used to authenticate a vpn connection inside a remote ASA device, other are used to sign documents. There is not accesible to http check.
Julian C
User avatar
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: EBJCA PKI certificate check

Post by cdienger »

check_ssl_cert can be used to check a cert of a filesystem - https://matteocorti.github.io/check_ssl_cert/. For example:

Code: Select all

./check_ssl_cert -H localhost --file /etc/pki/tls/certs/localhost.crt
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
jcoba
Posts: 8
Joined: Tue Mar 12, 2019 12:48 pm

Re: EBJCA PKI certificate check

Post by jcoba »

Do i need to copy those certs to my nagios installation? I cant reach any firewall from the nagios install
Julian C
User avatar
cdienger
Support Tech
Posts: 5045
Joined: Tue Feb 07, 2017 11:26 am

Re: EBJCA PKI certificate check

Post by cdienger »

The certificates would need to be on the same machine as the check_ssl_cert plugin. This can be the Nagios machine or it can be on a remote machine that uses an agent like NCPA or NRPE to communicate with the Nagios server.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
jcoba
Posts: 8
Joined: Tue Mar 12, 2019 12:48 pm

Re: EBJCA PKI certificate check

Post by jcoba »

Thanks
Julian C
Locked