
check_ssl_certificate bug

Posted: Fri Feb 24, 2017 12:52 am
by endstille
Hey all,
I think I discovered a bug in check_ssl_certificate.
We failed to update a certificate in time. By the time of its expiration, the check went "OK" again.
If you run it manually, it "says" critical but the return value is zero.

nagios@grolne-moni01:/usr/local/nagios/libexec$ ./check_ssl_certificate -H GrolNE-MAG02
m=Feb, d=3, h=00, m=00, s=00, y=2017, z=GMT
check_ssl_certificates: CRITICAL - this certificate expired 21 day(s) ago.
nagios@grolne-moni01:/usr/local/nagios/libexec$ echo $?
0

Kind regards
Marc
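
Nagios takes a service's state from the plugin's exit code, not from the text it prints, which is why the expired certificate above showed as OK. The wrapper below is an added example (not part of this thread or of any Nagios plugin) that cross-checks the two and fails closed; `run_checked` and `fake_broken_plugin` are hypothetical names, and the sample output is the two lines quoted in the post above.

```shell
#!/bin/sh
# Nagios plugin exit codes: 0=OK, 1=WARNING, 2=CRITICAL, 3=UNKNOWN.

# run_checked (hypothetical helper): run a plugin, print its output, and
# return its exit code, except when the plugin exits 0 while printing a
# non-OK status word. In that case return the code for the printed status,
# so the check fails closed instead of reporting OK.
run_checked() {
    _rc=0
    _out=$("$@" 2>&1) || _rc=$?
    printf '%s\n' "$_out"

    # First whole-word status keyword anywhere in the output, if any.
    _word=$(printf '%s\n' "$_out" |
        grep -owE 'OK|WARNING|CRITICAL|UNKNOWN' | head -n 1) || true

    if [ "$_rc" -eq 0 ]; then
        case "$_word" in
            WARNING)  _rc=1 ;;
            CRITICAL) _rc=2 ;;
            UNKNOWN)  _rc=3 ;;
        esac
        [ "$_rc" -eq 0 ] ||
            echo "plugin exited 0 but printed $_word; returning $_rc" >&2
    fi
    return "$_rc"
}

# Constructed stand-in for the broken plugin: prints the two lines quoted
# in the post above, then exits 0.
fake_broken_plugin() {
    echo "m=Feb, d=3, h=00, m=00, s=00, y=2017, z=GMT"
    echo "check_ssl_certificates: CRITICAL - this certificate expired 21 day(s) ago."
    return 0
}

# Demo: the wrapper turns the misleading 0 into 2 (CRITICAL).
run_checked fake_broken_plugin || echo "wrapper exit code: $?"
```

A non-zero exit code from the plugin is passed through unchanged, so the wrapper only ever raises severity.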

Re: check_ssl_certificate bug

Posted: Fri Feb 24, 2017 11:23 am
by mcapra
Assuming we're referring to this plugin:
https://exchange.nagios.org/directory/P ... te/details

That plugin is actually quite old and likely not actively maintained anymore. You should be able to leverage check_http (which is actively maintained by Nagios Enterprises and community members) to monitor a host for certificate expiration though:

 CHECK CERTIFICATE: check_http -H www.verisign.com -C 14

 When the certificate of 'www.verisign.com' is valid for more than 14 days,
 a STATE_OK is returned. When the certificate is still valid, but for less than
 14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when
 the certificate is expired.

 CHECK CERTIFICATE: check_http -H www.verisign.com -C 30,14

 When the certificate of 'www.verisign.com' is valid for more than 30 days,
 a STATE_OK is returned. When the certificate is still valid, but for less than
 30 days, but more than 14 days, a STATE_WARNING is returned.
 A STATE_CRITICAL will be returned when certificate expires in less than 14 days

I also found these community plugins which do roughly the same thing:
https://github.com/HariSekhon/nagios-pl ... sl_cert.pl
https://github.com/mcapra/nagios-check_ ... ration.php

Re: check_ssl_certificate bug

Posted: Tue Feb 28, 2017 1:49 am
by endstille
Thank you!

I was not aware I'm using some old plugin, thought it would be part of the core-plugins.
I'll adjust my checks accordingly, using one of your mentioned plugins :)

EDIT: switched to check_http within minutes, very straightforward.
Thanks

Kind regards
Marc

Re: check_ssl_certificate bug

Posted: Tue Feb 28, 2017 10:22 am
by dwhitfield
It sounds like this issue has been resolved. Is it okay if we lock this thread? Thanks for choosing the Nagios forums!