
NRPE Client Certificate Checks

Posted: Fri Aug 02, 2019 2:03 pm
by MBowman325
This question is two-fold, with the other half perhaps more relevant on the NSClient forums.

We use certificates with Nagios/NRPE/NSClient for a number of our systems (>150 or so) and I have records of when the certs were put into service on most of those. I was looking for a check like check_http where I could point it to the port and check the expiration date on the ones we've converted to use certs but I've had no luck.

It looks like the best option I'll have is to check the file itself versus connecting directly to 5666 on the Linux machines. I haven't looked at the NSClient side but that may be the option there as well, something with a PowerShell check.
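
The file-based approach mentioned in the post above, written as a Nagios-style plugin that can be called from an NRPE command definition. This is an added example, not code from the thread or from the Nagios project; the function names, the default thresholds and whatever certificate path you pass in are assumptions.

```shell
#!/bin/sh
# check_cert_file: expiry check for a PEM certificate on disk (added example).
# Names and default thresholds are assumptions, not taken from the thread.
# Exit codes follow the plugin convention: 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.

# True when the certificate in $1 expires within $2 seconds.
# "openssl x509 -checkend N" exits non-zero in exactly that case.
expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

check_cert_file() {
    cert=$1
    warn_days=${2:-30}
    crit_days=${3:-7}

    if [ -z "$cert" ] || [ ! -r "$cert" ]; then
        echo "UNKNOWN - cannot read certificate file '$cert'"
        return 3
    fi

    # Parsing fails here if the file is not an X.509 certificate in PEM form.
    if ! end=$(openssl x509 -in "$cert" -noout -enddate 2>/dev/null); then
        echo "UNKNOWN - $cert is not a PEM X.509 certificate"
        return 3
    fi
    end=${end#notAfter=}

    if expires_within "$cert" 0; then
        echo "CRITICAL - $cert expired on $end"
        return 2
    elif expires_within "$cert" $((crit_days * 86400)); then
        echo "CRITICAL - $cert expires within $crit_days days ($end)"
        return 2
    elif expires_within "$cert" $((warn_days * 86400)); then
        echo "WARNING - $cert expires within $warn_days days ($end)"
        return 1
    fi
    echo "OK - $cert valid until $end"
    return 0
}

# Act as a plugin when called with arguments: <cert.pem> [warn_days] [crit_days]
if [ "$#" -gt 0 ]; then
    check_cert_file "$@"
    exit $?
fi
```

The check only needs read access to the certificate, not the private key, so the account that runs it does not need access to the key file.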

Re: NRPE Client Certificate Checks

Posted: Fri Aug 02, 2019 4:17 pm
by cdienger
check_ssl_cert may be able to do what you need - https://exchange.nagios.org/directory/P ... rt/details. I haven't been able to fully test it and get it to work but it looks promising in that it creates a Client Hello request and then expects the client to respond with a certificate.

Re: NRPE Client Certificate Checks

Posted: Tue Aug 06, 2019 8:56 am
by MBowman325
I had looked at that a while back. It works better when you take into account allowed hosts.

That does what I need it to do, thank you for pointing that back out!

Re: NRPE Client Certificate Checks

Posted: Tue Aug 06, 2019 9:59 am
by scottwilkerson
MBowman325 wrote: I had looked at that a while back. It works better when you take into account allowed hosts.

That does what I need it to do, thank you for pointing that back out!
Great!

Locking thread