Page 3 of 3
Re: How to Monitor URL certificate Expiration
Posted: Wed May 27, 2020 4:00 pm
by ssax
You've installed and tested it. Now continue the setup by following the guide starting on page 4:
https://assets.nagios.com/downloads/nag ... ios-XI.pdf
Re: How to Monitor URL certificate Expiration
Posted: Wed May 27, 2020 4:20 pm
by lgaddam
Team,
Kindly help me how to implement in nagiosxi to generate alerts.
The file is downloaded in nagios server, how to use this CA file while defining the command.
Re: How to Monitor URL certificate Expiration
Posted: Thu May 28, 2020 9:07 am
by ssax
lgaddam, let's step back for a second.
The plugin that was recommended by the other technician (that I came in to bug fix) will only work against a file, not a network CRL resource.
Is it your intention to check the CRL over the network or locally on the system?
If you want to check it through the network (likely what I would want to do) then this plugin will not work for this and we'll need to find you a different one that does do what you'd like.
I'm going to search for one after my meeting today (shortly) and I'll let you know what I find. There has to be one that will work across the network.
Once I find one I will send you instructions on what you need to do to add the plugin, command, and setup a service for this so we can get this working for you.
Re: How to Monitor URL certificate Expiration
Posted: Thu May 28, 2020 10:27 am
by ssax
One question, are you just looking for the expiration date of the CRL or show the revoked certificates in the CRL?
The CRL plugins I'm finding only show when the CRL expires (they don't show the revoked certs).
Re: How to Monitor URL certificate Expiration
Posted: Thu May 28, 2020 12:17 pm
by lgaddam
Hi Sean,
This is related to Network CRL.
Currently we got the request only to monitor CRL expiration.
Re: How to Monitor URL certificate Expiration
Posted: Thu May 28, 2020 12:43 pm
by ssax
ok, great, I found the original one (that supports over network),
see attached.
Unzip that file and upload it in Admin > Manage Plugins.
Then go to Configure > Core Config Manager > Commands:
- Click the Add New button
- Set these:
Code: Select all
command_name: check_crl_url
command_line: $USER1$/check_crl_url -U '$ARG1$' -w $ARG2$ -c $ARG3$
- Save
Now create a new service or copy an existing service, set these:
- check_command: check_crl_url
- Set $ARG1$ to your CRL, I'm testing with:
http://crl.geotrust.com/crls/gtglobal.crl
- Set $ARG2$ to your warning value: 15
- Set $ARG3$ to your critical value: 30
- Max sure to set check_interval, retry_inteval, max_check_attempts, and any other settings you want
- Test, should work
- Save, Apply Config, and Validate it's working by forcing a check.
You can also test from the CLI like so:
Code: Select all
/usr/local/nagios/libexec/check_crl_url -U 'http://crl.geotrust.com/crls/gtglobal.crl' -w 30 -c 15
CRL OK: Expires in 32 Day(s) 12 Hour(s) 43 Minute(s) 22 Second(s).
Re: How to Monitor URL certificate Expiration
Posted: Sat May 30, 2020 12:09 am
by lgaddam
Wow !! Fantastic!!
No confusion, Direct steps, worked well. Monitoring configured sucessfully for our client request.
Many Thanks Sean.
Re: How to Monitor URL certificate Expiration
Posted: Mon Jun 01, 2020 8:49 am
by scottwilkerson
lgaddam wrote:Wow !! Fantastic!!
No confusion, Direct steps, worked well. Monitoring configured sucessfully for our client request.
Many Thanks Sean.
Great!
Locking thread