Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

SSL expiry giving wrong results

https://support.nagios.com/forum/viewtopic.php?t=57137

Page 1 of 1

SSL expiry giving wrong results

Posted: Fri Jan 17, 2020 1:13 am
by Pratapa
Hi,

We have a requirement, We need to setup monitoring of the SSL expiry for the URL https://fs.anz.com/adls/ls/idpinitiatedsignon.aspx?

We are using a plugin check_ssl_cert_expiry to check the expiry of the SSL certificate.

Following is the syntax.

check_ssl_cert_expiry -h <host> -w <warning> -c <critical>

We are getting wrong results while checking the SSL expiry.

./check_ssl_cert_expiry -h fs.anz.com -w 45 -c 30
CRITICAL : 0 days are left for SSL Certificate Expiration on Host anz.com

fs.anz.com is the certificate name.

When we check on web site , expiry date is on 12/22/2021

When we check the same for google.com we are getting correct results.

./check_ssl_cert_expiry -h google.com -w 45 -c 30
OK: 56 days are left for SSL Certificate Expiration on Host google.com

What could be the reason?

Re: SSL expiry giving wrong results

Posted: Fri Jan 17, 2020 12:55 pm
by scottwilkerson
I'm not familiar with that plugin but what if you just use check_http?

Code: Select all

 -C, --certificate=INTEGER[,INTEGER]
    Minimum number of days a certificate has to be valid. Port defaults to 443
    (when this option is used the URL is not checked.)
...
 CHECK CERTIFICATE: check_http -H www.verisign.com -C 14

 When the certificate of 'www.verisign.com' is valid for more than 14 days,
 a STATE_OK is returned. When the certificate is still valid, but for less than
 14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when
 the certificate is expired.


 CHECK CERTIFICATE: check_http -H www.verisign.com -C 30,14

 When the certificate of 'www.verisign.com' is valid for more than 30 days,
 a STATE_OK is returned. When the certificate is still valid, but for less than
 30 days, but more than 14 days, a STATE_WARNING is returned.
 A STATE_CRITICAL will be returned when certificate expires in less than 14 days

Code: Select all

/usr/local/nagios/libexec/check_http -H fs.anz.com -C 45,30

Re: SSL expiry giving wrong results

Posted: Mon Jan 20, 2020 12:01 am
by Pratapa
Thank you.

I used the following and it is resolved.

check_http -H fs.anz.com --ssl -C 40,15 --sni


You may lock this thread. Thank you.

Re: SSL expiry giving wrong results

Posted: Mon Jan 20, 2020 7:21 am
by scottwilkerson
Pratapa wrote:Thank you.

I used the following and it is resolved.

check_http -H fs.anz.com --ssl -C 40,15 --sni


You may lock this thread. Thank you.
Great!

Locking
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited