How to check an SSL cert from behind a proxy

bomahony · Post by **bomahony** » Thu Jan 17, 2019 1:00 pm

Hey folks, back again with another one of my weird issues.

I need to check a few dozen SSL certs, but my use case is a bit odd:
1. Traffic can only exit to the wild via http or https proxy
2. I need to check the number of days left primarily
3. The certs are not on port 443. They are on multiple different ports as well as some mail ports
4. It has to run on RHEL7
5. I cannot use self-compiled openssl [ie openssl 1.1 has the -proxy option, but RHEL7 is on 1.0.1f]
6. I need to avoid using proxytunnel if possible.

Any suggestions on how to do this?

bomahony · Post by **bomahony** » Thu Jan 17, 2019 1:09 pm

I was banging my head against a wall for a bit, then realised i can probably do this via curl sending the stderr to a temp file and doing maths on the expiry. Messy, but will probably work. If there any better suggestions, great.

Post by **cdienger** » Thu Jan 17, 2019 5:18 pm

The curl solution is probably the way to go. After labbing this up we weren't able to get the check_http command to connect to a remote SSL hosted on anything but port 443. I've filed a bug regarding this:

https://github.com/nagios-plugins/nagio ... issues/432

bomahony · Post by **bomahony** » Fri Jan 18, 2019 11:26 am

Yeah hacked together a curl script for it, thanks.

Post by **cdienger** » Fri Jan 18, 2019 11:41 am

Glad to hear you have a workaround!

Nagios Support Forum

How to check an SSL cert from behind a proxy

How to check an SSL cert from behind a proxy

Re: How to check an SSL cert from behind a proxy

Re: How to check an SSL cert from behind a proxy

Re: How to check an SSL cert from behind a proxy

Re: How to check an SSL cert from behind a proxy