I ran the website monitoring wizard expecting to find a section where I could be alerted before an SSL certificate expired. The description of the wizard is explained as:
This Nagios XI monitoring wizard allows you to monitor websites. Support SSL and basic authentication. Allows you to monitor HTTP, page content (basic string and regular expression), SSL certificate expiration, and DNS/IP match.
I am assuming that the functionality of the website monitoring wizard to check an SSL cert and send notification before it expires does not exist and that it only takes into account a certificate that has expired to send an alert?
(*edited*)
Website Monitoring wizard SSL certificate expiration
Re: Website Monitoring wizard SSL certificate expiration
I'm using the check_xi_service_http_cert command (which is really using check_http).
$USER1$/check_http -H $HOSTADDRESS$ -C $ARG1$
$ARG1$ = 30
This alerts us 30 days out from a cert expiring. I used the wizard as well so I can confirm it works.
The man page for check_http is linked below and the pertinent section is quoted. You can test this by setting $ARG1$ to a value greater than your certs lifetime.
https://www.monitoring-plugins.org/doc/ ... _http.html
$USER1$/check_http -H $HOSTADDRESS$ -C $ARG1$
$ARG1$ = 30
This alerts us 30 days out from a cert expiring. I used the wizard as well so I can confirm it works.
The man page for check_http is linked below and the pertinent section is quoted. You can test this by setting $ARG1$ to a value greater than your certs lifetime.
https://www.monitoring-plugins.org/doc/ ... _http.html
-C, --certificate=INTEGER[,INTEGER]
Minimum number of days a certificate has to be valid. Port defaults to 443
(when this option is used the URL is not checked.)
I like graphs...
Re: Website Monitoring wizard SSL certificate expiration
You would see the "SSL Certificate" check in Step 2 of the "Website" monitoring wizard IF you had "https" in the "Website URL" field. If you had "http", the check would not be created. Hope this helps.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: Website Monitoring wizard SSL certificate expiration
I was able to get the website monitoring wizards to note an ssl certificate expiration 30 days out. But it appears that when testing it that the wizard won't go critical until it actually expires. Are there any where we can set the threshold to be critical before a certificate expires? Folks around here typically ignore warnings and we have been configuring our criticals to be proactive before an issue becomes apparent. Is there any way to make a modification to the behavior so that a critical can be 30 days before a certificate expires instead of a warning.
-
Box293
- Too Basu
- Posts: 5126
- Joined: Sun Feb 07, 2010 10:55 pm
- Location: Deniliquin, Australia
- Contact:
Re: Website Monitoring wizard SSL certificate expiration
CHECK CERTIFICATE: check_http -H http://www.verisign.com -C 30,14
When the certificate of 'www.verisign.com' is valid for more than 30 days,
a STATE_OK is returned. When the certificate is still valid, but for less than
30 days, but more than 14 days, a STATE_WARNING is returned.
A STATE_CRITICAL will be returned when certificate expires in less than 14 days
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Re: Website Monitoring wizard SSL certificate expiration
Thanks! That helped!
Re: Website Monitoring wizard SSL certificate expiration
Glad to see this worked. I'll close this thread out now, but feel free to open another if you ever need assistance.
Former Nagios Employee