
How to check an SSL cert from behind a proxy

Posted: Thu Jan 17, 2019 1:00 pm
by bomahony
Hey folks, back again with another one of my weird issues. :P

I need to check a few dozen SSL certs, but my use case is a bit odd:
1. Traffic can only exit to the wild via http or https proxy
2. I need to check the number of days left primarily
3. The certs are not on port 443. They are on multiple different ports as well as some mail ports
4. It has to run on RHEL7
5. I cannot use self-compiled openssl [i.e. openssl 1.1 has the -proxy option, but RHEL7 is on 1.0.1f]
6. I need to avoid using proxytunnel if possible.

Any suggestions on how to do this?

Re: How to check an SSL cert from behind a proxy

Posted: Thu Jan 17, 2019 1:09 pm
by bomahony
I was banging my head against a wall for a bit, then realised I can probably do this via curl sending the stderr to a temp file and doing maths on the expiry. Messy, but will probably work. If there are any better suggestions, great. :)
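
The curl approach described in this post, sketched as an added example (not bomahony's script, which was not posted in the thread): it pulls the `expire date:` line out of `curl -v` output and turns it into days left with Nagios-style exit codes. It assumes GNU `date` (as on RHEL7); the function names, sample log, hostnames and thresholds are constructed for illustration.

```bash
# Added example: certificate expiry from `curl -v` output, Nagios exit codes.

# Constructed sample of curl -v stderr; hostnames, IPs and dates are made up.
SAMPLE_LOG='* Connected to proxy.example.internal (10.0.0.5) port 3128 (#0)
* Establish HTTP proxy tunnel to mail.example.org:8443
< HTTP/1.1 200 Connection established
* Server certificate:
*   subject: CN=mail.example.org
*   start date: Jan 10 00:00:00 2019 GMT
*   expire date: Jan 10 12:00:00 2020 GMT
*   issuer: CN=Example CA'

# Print the last "expire date" in a curl -v log. Last, because with a TLS
# proxy the proxy's certificate is printed before the target's.
expiry_from_log() {
    printf '%s\n' "$1" | sed -n 's/^\*[[:space:]]*expire date: //p' | tail -n 1
}

# Whole days between now (epoch seconds, $2) and the expiry found in log $1.
# Truncates toward zero; returns 1 if the log holds no parsable date.
days_left() {
    local expiry exp_epoch
    expiry=$(expiry_from_log "$1")
    [ -n "$expiry" ] || return 1
    exp_epoch=$(date -u -d "$expiry" +%s 2>/dev/null) || return 1
    echo $(( (exp_epoch - $2) / 86400 ))
}

# Map days left to a Nagios status: 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.
cert_status() {   # args: log now_epoch warn_days crit_days
    local d
    d=$(days_left "$1" "$2") || { echo "UNKNOWN - no expiry date in curl output"; return 3; }
    if   [ "$d" -le "$4" ]; then echo "CRITICAL - $d days left"; return 2
    elif [ "$d" -le "$3" ]; then echo "WARNING - $d days left"; return 1
    else echo "OK - $d days left"; return 0
    fi
}

# Live check through the proxy (argument order is this example's own choice).
check_cert() {   # args: proxy_url host port warn_days crit_days
    local log
    log=$(curl -sv -x "$1" --connect-timeout 10 -o /dev/null "https://$2:$3/" 2>&1)
    cert_status "$log" "$(date +%s)" "$4" "$5"
}
```

`check_cert` only reaches services that start TLS immediately on connect; a port that negotiates STARTTLS after a plaintext greeting yields no certificate lines and is reported as UNKNOWN.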

Re: How to check an SSL cert from behind a proxy

Posted: Thu Jan 17, 2019 5:18 pm
by cdienger
The curl solution is probably the way to go. After labbing this up we weren't able to get the check_http command to connect to a remote SSL hosted on anything but port 443. I've filed a bug regarding this:

https://github.com/nagios-plugins/nagio ... issues/432

Re: How to check an SSL cert from behind a proxy

Posted: Fri Jan 18, 2019 11:26 am
by bomahony
Yeah hacked together a curl script for it, thanks.

Re: How to check an SSL cert from behind a proxy

Posted: Fri Jan 18, 2019 11:41 am
by cdienger
Glad to hear you have a workaround!