check_ssl_certificate bug

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
Locked
endstille
Posts: 7
Joined: Mon Sep 12, 2016 2:55 am

check_ssl_certificate bug

Post by endstille »

Hey all,
i think i discovered a bug in check_ssl_certificate.
We failed to update a certificate in time. by the time of it's expiration, the check went "OK" again.
if you run it manually, it "says" ciritcal but the return value is zero.

nagios@grolne-moni01:/usr/local/nagios/libexec$ ./check_ssl_certificate -H GrolNE-MAG02
m=Feb, d=3, h=00, m=00, s=00, y=2017, z=GMT
check_ssl_certificates: CRITICAL - this certificate expired 21 day(s) ago.
nagios@grolne-moni01:/usr/local/nagios/libexec$ echo $?
0

Kind regards
Marc
User avatar
mcapra
Posts: 3739
Joined: Thu May 05, 2016 3:54 pm

Re: check_ssl_certificate bug

Post by mcapra »

Assuming we're referring to this plugin:
https://exchange.nagios.org/directory/P ... te/details

That plugin is actually quite old and likely not actively maintained anymore. You should be able to leverage check_http (which is actively maintained by Nagios Enterprises and community members) to monitor a host for certificate expiration though:

Code: Select all

 CHECK CERTIFICATE: check_http -H www.verisign.com -C 14

 When the certificate of 'www.verisign.com' is valid for more than 14 days,
 a STATE_OK is returned. When the certificate is still valid, but for less than
 14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when
 the certificate is expired.

 CHECK CERTIFICATE: check_http -H www.verisign.com -C 30,14

 When the certificate of 'www.verisign.com' is valid for more than 30 days,
 a STATE_OK is returned. When the certificate is still valid, but for less than
 30 days, but more than 14 days, a STATE_WARNING is returned.
 A STATE_CRITICAL will be returned when certificate expires in less than 14 days
I also found these community plugins which do roughly the same thing:
https://github.com/HariSekhon/nagios-pl ... sl_cert.pl
https://github.com/mcapra/nagios-check_ ... ration.php
Former Nagios employee
https://www.mcapra.com/
endstille
Posts: 7
Joined: Mon Sep 12, 2016 2:55 am

Re: check_ssl_certificate bug

Post by endstille »

Thank you!

I was not aware, i'm using some old plugin, thought it would be part of the core-plugins.
I'll adjust my checks accordingly, using one of your mention plugins :)

EDIT: switched to check_http within minutes, very streightforward.
Thanks

Kind regards
Marc
dwhitfield
Former Nagios Staff
Posts: 4583
Joined: Wed Sep 21, 2016 10:29 am
Location: NoLo, Minneapolis, MN
Contact:

Re: check_ssl_certificate bug

Post by dwhitfield »

It sounds like this issue has been resolved. Is it okay if we lock this thread? Thanks for choosing the Nagios forums!
Locked