SSL certificate checks and SNI

[TBT]

We are currently using 'check_xi_service_http_cert' to check for the expiry dates on certificates on our networks. Recently, we configured a system to use Server Name Indication (SNI).

In configuring SNI, we have discovered that the 'check_xi_service_http_cert' program is unable to validate the certificate and is generating warnings.

We would like to standardize on the command as much as possible going forward. Is there a Nagios certificate checking program available that can validate certificates on servers both using and not using SNI?

[benjaminsmith]

Hi @TBT,

So the wizard or the check_xi_service_http_cert command in Nagios XI is using the check_http plugin to run those certificate checks. This plugin does have an optional argument for SNI.

--sni
Enable SSL/TLS hostname extension support (SNI)

https://www.monitoring-plugins.org/doc/ ... _http.html

Try testing the failing check directly from the command line but add the --sni argument this time.

Nagios XI - How To Test Check Commands From The Command-line

If that works, you can create a new check command in the CCM with that option.

--Benjamin

[TBT]

Issue resolved. Thanks.

[benjaminsmith]

Hi,

Issue resolved. Thanks.

Excellent! We'll close this thread.

Have a great weekend!