Team,
We got a request to monitor URL Certificate expiration.
They have provided URl consisting of .crl.
Could you please help me how to implement this in Nagios XI.
How to Monitor URL certificate Expiration
Re: How to Monitor URL certificate Expiration
You could check an SSL certificate using the check_ssl_cert plugin. Are the addresses in question reachable from your Nagios XI machine? Are they hosting web applications with SSL certificates, or is it some other kind of certificate?
https://exchange.nagios.org/directory/P ... rt/details
I do not believe that Nagios currently offers a way to natively read a .crl file, but there are a couple plugins on the Exchange that may suit your needs.
https://exchange.nagios.org/directory/P ... rt/details
https://exchange.nagios.org/directory/P ... rl/details
Does that help? Please let me know if I can answer any more specific questions. The best solution can vary based on network architecture and security protocols in place at your particular organization.
https://exchange.nagios.org/directory/P ... rt/details
I do not believe that Nagios currently offers a way to natively read a .crl file, but there are a couple plugins on the Exchange that may suit your needs.
https://exchange.nagios.org/directory/P ... rt/details
https://exchange.nagios.org/directory/P ... rl/details
Does that help? Please let me know if I can answer any more specific questions. The best solution can vary based on network architecture and security protocols in place at your particular organization.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: How to Monitor URL certificate Expiration
Thanks for the update.
Please check the actual URL below:
http://pkicorp.com/CA%20ROOT%.crl
Looks the below article may work for this requirement.
https://exchange.nagios.org/directory/P ... rl/details
Kindly let me know how to proceed/steps to implement this in Nagios XI.
I mean what i have to do in Nagios Server with this new plugin.
Please check the actual URL below:
http://pkicorp.com/CA%20ROOT%.crl
Looks the below article may work for this requirement.
https://exchange.nagios.org/directory/P ... rl/details
Kindly let me know how to proceed/steps to implement this in Nagios XI.
I mean what i have to do in Nagios Server with this new plugin.
Re: How to Monitor URL certificate Expiration
I am not able to reach that URL. Is it possible that one of the characters in it was misinterpreted? Please verify whether the link is correct and available external to your organization.
https://www.w3schools.com/tags/ref_urlencode.ASP
You will need to download the plugin > extract it > then navigate to the Admin section of Nagios XI using the bar on top > click Manage Plugins under System Extensions > click Upload Plugin > then upload the [ plugin name ].php file from the folder you decompressed earlier.
https://assets.nagios.com/downloads/nag ... ios-XI.pdf
https://www.w3schools.com/tags/ref_urlencode.ASP
You will need to download the plugin > extract it > then navigate to the Admin section of Nagios XI using the bar on top > click Manage Plugins under System Extensions > click Upload Plugin > then upload the [ plugin name ].php file from the folder you decompressed earlier.
https://assets.nagios.com/downloads/nag ... ios-XI.pdf
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: How to Monitor URL certificate Expiration
HI,
Im not able to download plugin stated in below article provided by you.
https://exchange.nagios.org/directory/P ... rl/details
Could you please check whether you are able to download, if yes, please provide me here.
I will work on that.
Im not able to download plugin stated in below article provided by you.
https://exchange.nagios.org/directory/P ... rl/details
Could you please check whether you are able to download, if yes, please provide me here.
I will work on that.
Re: How to Monitor URL certificate Expiration
Whups! Sorry about that. I didn't realize that one was not being maintained. I am getting a notification that the certificate is not secure and then the link does not resolve to a page.
I will look to see if there are other options to monitor a set of SSL certificates for expiry by way of a .CRL file.
I will look to see if there are other options to monitor a set of SSL certificates for expiry by way of a .CRL file.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: How to Monitor URL certificate Expiration
HI,
I sent you PM with the actual requirement.
Please check and help me.
I sent you PM with the actual requirement.
Please check and help me.
Re: How to Monitor URL certificate Expiration
You may have better luck with the check_url plugin.
I had to modify a couple lines of the Perl script, but was able to get it working.
I also found another plugin that looks fairly promising. I will test that one out tomorrow and let you know if it works better than the other ones. This one is written in Python 3. Do you have that installed on your system?
LINK
Code: Select all
LANG=C LC_ALL=C /usr/local/nagios/libexec/check_crl -f CA.crl
OK CRL Restzeit: 64 Tage, 21 Stunden, 42 Minuten und 31 Sekunden.I also found another plugin that looks fairly promising. I will test that one out tomorrow and let you know if it works better than the other ones. This one is written in Python 3. Do you have that installed on your system?
LINK
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: How to Monitor URL certificate Expiration
To get the check_crl plugin working, I had to first download the .crl file to pass through the -f option.
Then modify several lines in the plugin script, named check_crl, located in /usr/local/nagios/libexec.
change
use lib "/usr/lib/nagios/plugins" ;
to
use lib "/usr/local/nagios/libexec" ;
and
change
my $crl_zeit = qx(/usr/bin/openssl crl -noout -text -in $datei | /bin/grep " Next Update:");
to
my $crl_zeit = qx(/usr/bin/openssl crl -inform DER -noout -text -in $datei | /bin/grep " Next Update:");
You will probably also have to precede the command with the following string to force use of the default language.
Then test the plugin from the command line to make sure that it works.
If the output looks similar to the following, that means it worked!
Code: Select all
wget <crl download link>change
use lib "/usr/lib/nagios/plugins" ;
to
use lib "/usr/local/nagios/libexec" ;
and
change
my $crl_zeit = qx(/usr/bin/openssl crl -noout -text -in $datei | /bin/grep " Next Update:");
to
my $crl_zeit = qx(/usr/bin/openssl crl -inform DER -noout -text -in $datei | /bin/grep " Next Update:");
You will probably also have to precede the command with the following string to force use of the default language.
Code: Select all
LANG=C LC_ALL=CCode: Select all
LANG=C LC_ALL=C /usr/local/nagios/libexec/check_crl -f CA.crlThose are the modifications I had to make to get this plugin to work on my CentOS 7 system, you may have to make different ones.OK CRL Restzeit: 64 Tage, 21 Stunden, 42 Minuten und 31 Sekunden.
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Be sure to check out our Knowledgebase for helpful articles and solutions!
Re: How to Monitor URL certificate Expiration
Hi,
Thanks for the update. Nagios is hosted on RHEL.
I am not able to see the "check_crl" plugin at /usr/local/nagios/libexec.
[root@p01 ~]# cd /usr/local/nagios/libexec
[root@p01 libexec]# ls -l check_crl
ls: check_crl: No such file or directory
[root@glnagiosp01 libexec]#
I require your help on below items to implement this.
Provide me plugin file which I have to upload in our Nagios XI.
Provide me command line which I need to use while defining the command.
Thanks for the update. Nagios is hosted on RHEL.
I am not able to see the "check_crl" plugin at /usr/local/nagios/libexec.
[root@p01 ~]# cd /usr/local/nagios/libexec
[root@p01 libexec]# ls -l check_crl
ls: check_crl: No such file or directory
[root@glnagiosp01 libexec]#
I require your help on below items to implement this.
Provide me plugin file which I have to upload in our Nagios XI.
Provide me command line which I need to use while defining the command.