
SSL Cert Plugin

Posted: Thu Oct 31, 2019 1:34 am
by RebeccaIlene
Hi All,

I am using a plugin to monitor SSL Client Certificates. As these certificates are client certificates, we are saving a copy of the cert file in a directory on the server and then checking the expiry date using the plugin.

This plugin gives the output as OK, WARNING or CRITICAL but the state of the Alert is always OK.

This is causing major issues as we are not notified when the SSL expires.

I have tried modifying the script hoping that this was an issue with the return code, but the return code is correct.

I am not sure what can be done to fix this.

Any suggestions to help would be appreciated.

Thank you,
Rebecca Murray

Re: SSL Cert Plugin

Posted: Thu Oct 31, 2019 9:57 am
by cdienger
Do you have a link to the script or can you attach it here? What is the full command you're running it with?

Re: SSL Cert Plugin

Posted: Tue Nov 05, 2019 1:46 am
by RebeccaIlene
Thank you for the reply. Below is the plugin code.


#! /usr/bin/env python

import time
import subprocess
import re
import argparse

def getTimeString(cpath):
    notAfter = subprocess.Popen(["openssl", "x509", "-enddate", "-noout", "-in", cpath], stdout=subprocess.PIPE)
    notAfter = notAfter.stdout.read()
    end = re.search("notAfter=", notAfter).end()
    return notAfter[end:].rstrip()


def parseMe(timeString):
    struct_time = time.strptime(timeString, "%b %d %H:%M:%S %Y %Z")
    return struct_time

def getTimeDelta(stime):
    # return time delta in days
    now = time.localtime()
    return (time.mktime(stime) - time.mktime(now)) / (60 * 60 * 24)

def parse_argument(args):
    cthreshold = args.critical
    wthreshold = args.warning
    path = args.path

    tstring = getTimeString(path)
    tstruct = parseMe(tstring)
    ndays = getTimeDelta(tstruct)

    if ndays <= int(cthreshold):
        status=2
        msg = 'CRITICAL'
    elif ndays <= int(wthreshold) and ndays > int(cthreshold):
        status=1
        msg = 'WARNING'
    elif ndays > int(wthreshold):
        status=0
        msg = 'OK'
    else:
        status=3
        msg = 'UNKNOWN'

    print msg
    return status

def main():
    parser = argparse.ArgumentParser(description='check_ssl_certificate')

    parser.add_argument('-c', action="store", dest="critical", help='Set Critical Threshold')
    parser.add_argument('-w', action="store", dest="warning", help='Set Warning Threshold')
    parser.add_argument('-p', action="store", dest="path", help='Set Cert Path')

    args = parser.parse_args()
    parse_argument(args)

if __name__ == '__main__':
    main()

Re: SSL Cert Plugin

Posted: Tue Nov 05, 2019 12:28 pm
by Tanel
It's a little hard to read the posted code without any leading whitespace in there.

I have attached a possible fix. (I can't test the code myself)
At the top of the file after the line "import argparse" add another line "import sys". (Attached Capture1.PNG screenshot)

Find the line "return status" and replace it with "sys.exit(status)". (Attached Capture2.PNG screenshot)
Take note of the whitespace before the old return statement.
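
The fix described in this reply, carried through as a complete plugin. This is an added example, not the poster's script or the attached file; it assumes Python 3 and `openssl` on the PATH, and the names `days_left`, `evaluate` and `check` are chosen here for illustration. It also reports UNKNOWN (3) when the certificate cannot be read, and converts the GMT expiry with `calendar.timegm` instead of `time.mktime`.

```python
import argparse
import calendar
import subprocess
import sys
import time

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
LABELS = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL", UNKNOWN: "UNKNOWN"}

def days_left(openssl_output, now=None):
    """Parse 'notAfter=Nov  5 12:00:00 2020 GMT' and return days until expiry."""
    value = openssl_output.strip().split("notAfter=", 1)[1]
    # openssl prints the expiry in GMT; timegm converts it without a local-time shift
    expiry = calendar.timegm(time.strptime(value, "%b %d %H:%M:%S %Y %Z"))
    return (expiry - (time.time() if now is None else now)) / 86400.0

def evaluate(days, warn, crit):
    """Map days remaining to an (exit_code, message) pair."""
    if days <= crit:
        code = CRITICAL
    elif days <= warn:
        code = WARNING
    else:
        code = OK
    return code, "%s - certificate expires in %.1f days" % (LABELS[code], days)

def check(path, warn, crit):
    """Run openssl on the certificate file; any failure becomes UNKNOWN."""
    try:
        out = subprocess.run(
            ["openssl", "x509", "-enddate", "-noout", "-in", path],
            capture_output=True, text=True, check=True).stdout
        return evaluate(days_left(out), warn, crit)
    except (OSError, subprocess.CalledProcessError, IndexError, ValueError) as exc:
        return UNKNOWN, "UNKNOWN - could not read certificate: %s" % exc

def main(argv=None):
    parser = argparse.ArgumentParser(description="check_ssl_certificate")
    parser.add_argument("-c", dest="critical", type=int, required=True)
    parser.add_argument("-w", dest="warning", type=int, required=True)
    parser.add_argument("-p", dest="path", required=True)
    args = parser.parse_args(argv)
    code, message = check(args.path, args.warning, args.critical)
    print(message)
    return code

if __name__ == "__main__":
    sys.exit(main())  # the exit code, not the printed word, sets the service state
```

After a run, `echo $?` in the shell shows the code the monitoring server will act on.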

Re: SSL Cert Plugin

Posted: Tue Nov 05, 2019 12:34 pm
by cdienger
Can you attach the script instead of copying and pasting? Change the extension to .txt if necessary. The formatting is off with the copy and paste and is throwing errors when I try to test it.

Re: SSL Cert Plugin

Posted: Mon Nov 11, 2019 2:02 am
by RebeccaIlene
Sure. Thank you for your help.

Please find attached code in a .txt file.

Re: SSL Cert Plugin

Posted: Mon Nov 11, 2019 1:16 pm
by cdienger
It looks like @Tanel's response and mine overlapped and I didn't see theirs. The modified script that they provided appears to be good and worked on my lab machine. Make the changes or use the script they provided and let us know if there are any further issues.

Thanks @Tanel!

Re: SSL Cert Plugin

Posted: Wed Dec 11, 2019 7:56 pm
by RebeccaIlene
Hi All,

Thanks for looking into this and helping fix it. :D

This thread can now be closed.

Regards,
Rebecca Murray