Page 1 of 1
EBJCA PKI certificate check
Posted: Mon Jul 22, 2019 12:31 pm
by jcoba
Hi.
Currently we have a EBJCA PKI certificate running on our premises, ¿its possible to check for an expiring certificate and create an alert?.
Re: EBJCA PKI certificate check
Posted: Mon Jul 22, 2019 2:36 pm
by cdienger
Is the certificate being used for a web service or how is the certificate accessible? The check_http plugin can be used to monitor certificates used by web services, but I'm not familiar with EBJCA to know if this is good fit.
Re: EBJCA PKI certificate check
Posted: Tue Jul 23, 2019 9:36 am
by jcoba
Thanks for the reply.
The certificates are used to authenticate a vpn connection inside a remote ASA device, other are used to sign documents. There is not accesible to http check.
Re: EBJCA PKI certificate check
Posted: Tue Jul 23, 2019 2:54 pm
by cdienger
check_ssl_cert can be used to check a cert of a filesystem -
https://matteocorti.github.io/check_ssl_cert/. For example:
Code: Select all
./check_ssl_cert -H localhost --file /etc/pki/tls/certs/localhost.crt
Re: EBJCA PKI certificate check
Posted: Tue Sep 03, 2019 10:14 am
by jcoba
Do i need to copy those certs to my nagios installation? I cant reach any firewall from the nagios install
Re: EBJCA PKI certificate check
Posted: Wed Sep 04, 2019 10:57 am
by cdienger
The certificates would need to be on the same machine as the check_ssl_cert plugin. This can be the Nagios machine or it can be on a remote machine that uses an agent like NCPA or NRPE to communicate with the Nagios server.
Re: EBJCA PKI certificate check
Posted: Wed Sep 04, 2019 11:57 am
by jcoba
Thanks