This question is two-fold, with the other half perhaps more relevant on the NSClient forums.
We use certificates with Nagios/NRPE/NSClient for a number of our systems (>150 or so) and I have records of when the certs were put into service on most of those. I was looking for a check like check_http where I could point it to the port and check the expiration date on the ones we've converted to use certs but I've had no luck.
It looks like the best option I'll have is to check the file itself versus connecting directly to 5666 on the Linux machines. I haven't looked at the NSClient side but that may be the option there as well, something with a PowerShell check.
NRPE Client Certificate Checks
Re: NRPE Client Certificate Checks
check_ssl_cert may be able to do what you need - https://exchange.nagios.org/directory/P ... rt/details. I haven't been able to fully test it and get it to work but it looks promising in that it creates a Client Hello request and then expects the client to respond with a certificate.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
MBowman325
Re: NRPE Client Certificate Checks
I had looked at that a while back. It works better when you take into account allowed hosts.
That does what I need it to do, thank you for pointing that back out!
scottwilkerson
Re: NRPE Client Certificate Checks
MBowman325 wrote: I had looked at that a while back. It works better when you take into account allowed hosts. That does what I need it to do, thank you for pointing that back out!
Great!
Locking thread
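For the file-based approach raised in the first post (checking the certificate file on the host instead of connecting to port 5666), here is an added example that is not from the thread or from Nagios: a Nagios-style plugin function built on `openssl x509 -checkend`. The function name `check_cert_file` and the default thresholds are assumptions; the certificate path is whatever your NRPE configuration points at.

```bash
#!/usr/bin/env bash
# Added example: Nagios-style expiry check of a PEM certificate file.
# check_cert_file and the 30/7 day defaults are illustrative assumptions.
#
# Usage: check_cert_file <pem-file> [warn_days] [crit_days]
# Prints one status line; returns 0=OK 1=WARNING 2=CRITICAL 3=UNKNOWN.
check_cert_file() {
    local cert="$1" warn="${2:-30}" crit="${3:-7}" end

    if [ -z "$cert" ] || [ ! -r "$cert" ]; then
        echo "UNKNOWN - cannot read certificate file '${cert}'"
        return 3
    fi
    case "${warn}${crit}" in
        ''|*[!0-9]*) echo "UNKNOWN - thresholds must be whole days"; return 3 ;;
    esac
    if ! command -v openssl >/dev/null 2>&1; then
        echo "UNKNOWN - openssl not found"
        return 3
    fi
    # A file that does not parse as X.509 is reported as UNKNOWN, so a
    # damaged or wrong file is not mistaken for an expiry problem.
    if ! end=$(openssl x509 -in "$cert" -noout -enddate 2>/dev/null); then
        echo "UNKNOWN - '${cert}' is not a valid PEM certificate"
        return 3
    fi
    end="${end#notAfter=}"

    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "CRITICAL - ${cert} has expired (notAfter ${end})"
        return 2
    fi
    if ! openssl x509 -in "$cert" -noout -checkend $((crit * 86400)) >/dev/null 2>&1; then
        echo "CRITICAL - ${cert} expires within ${crit} days (notAfter ${end})"
        return 2
    fi
    if ! openssl x509 -in "$cert" -noout -checkend $((warn * 86400)) >/dev/null 2>&1; then
        echo "WARNING - ${cert} expires within ${warn} days (notAfter ${end})"
        return 1
    fi
    echo "OK - ${cert} valid until ${end}"
    return 0
}

# Run as a plugin when called with arguments: script <pem-file> [warn] [crit]
if [ "$#" -gt 0 ]; then
    check_cert_file "$@"
    exit $?
fi
```

The account that NRPE runs the plugin as needs read access to the certificate file, but not to the private key.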