How to Monitor URL certificate Expiration
Posted: Thu May 07, 2020 4:47 am
by lgaddam
Team,
We got a request to monitor URL Certificate expiration.
They have provided a URL consisting of .crl.
Could you please help me implement this in Nagios XI?
Re: How to Monitor URL certificate Expiration
Posted: Thu May 07, 2020 9:59 am
by jbrunkow
You could check an SSL certificate using the check_ssl_cert plugin. Are the addresses in question reachable from your Nagios XI machine? Are they hosting web applications with SSL certificates, or is it some other kind of certificate?
https://exchange.nagios.org/directory/P ... rt/details
I do not believe that Nagios currently offers a way to natively read a .crl file, but there are a couple plugins on the Exchange that may suit your needs.
https://exchange.nagios.org/directory/P ... rt/details
https://exchange.nagios.org/directory/P ... rl/details
Does that help? Please let me know if I can answer any more specific questions. The best solution can vary based on network architecture and security protocols in place at your particular organization.
Re: How to Monitor URL certificate Expiration
Posted: Mon May 11, 2020 7:46 am
by lgaddam
Thanks for the update.
Please check the actual URL below:
http://pkicorp.com/CA%20ROOT%.crl
It looks like the article below may work for this requirement.
https://exchange.nagios.org/directory/P ... rl/details
Kindly let me know how to proceed/steps to implement this in Nagios XI.
I mean what I have to do in Nagios Server with this new plugin.
Re: How to Monitor URL certificate Expiration
Posted: Mon May 11, 2020 12:41 pm
by jbrunkow
I am not able to reach that URL. Is it possible that one of the characters in it was misinterpreted? Please verify whether the link is correct and available external to your organization.
https://www.w3schools.com/tags/ref_urlencode.ASP
You will need to download the plugin > extract it > then navigate to the Admin section of Nagios XI using the bar on top > click Manage Plugins under System Extensions > click Upload Plugin > then upload the [ plugin name ].php file from the folder you decompressed earlier.
https://assets.nagios.com/downloads/nag ... ios-XI.pdf
Re: How to Monitor URL certificate Expiration
Posted: Wed May 13, 2020 11:04 am
by lgaddam
Hi,
I'm not able to download the plugin stated in the article below provided by you.
https://exchange.nagios.org/directory/P ... rl/details
Could you please check whether you are able to download it? If yes, please provide it to me here.
I will work on that.
Re: How to Monitor URL certificate Expiration
Posted: Wed May 13, 2020 4:05 pm
by jbrunkow
Whups! Sorry about that. I didn't realize that one was not being maintained. I am getting a notification that the certificate is not secure and then the link does not resolve to a page.
I will look to see if there are other options to monitor a set of SSL certificates for expiry by way of a .CRL file.
Re: How to Monitor URL certificate Expiration
Posted: Sat May 16, 2020 11:45 am
by lgaddam
Hi,
I sent you a PM with the actual requirement.
Please check and help me.
Re: How to Monitor URL certificate Expiration
Posted: Mon May 18, 2020 4:10 pm
by jbrunkow
You may have better luck with the check_url plugin.
Code:
LANG=C LC_ALL=C /usr/local/nagios/libexec/check_crl -f CA.crl
OK CRL Restzeit: 64 Tage, 21 Stunden, 42 Minuten und 31 Sekunden.
I had to modify a couple lines of the Perl script, but was able to get it working.
I also found another plugin that looks fairly promising. I will test that one out tomorrow and let you know if it works better than the other ones. This one is written in Python 3. Do you have that installed on your system?
LINK
Re: How to Monitor URL certificate Expiration
Posted: Tue May 19, 2020 5:05 pm
by jbrunkow
To get the check_crl plugin working, I had to first download the .crl file to pass through the -f option.
Then modify several lines in the plugin script, named check_crl, located in /usr/local/nagios/libexec.
Change
use lib "/usr/lib/nagios/plugins" ;
to
use lib "/usr/local/nagios/libexec" ;
and change
my $crl_zeit = qx(/usr/bin/openssl crl -noout -text -in $datei | /bin/grep " Next Update:");
to
my $crl_zeit = qx(/usr/bin/openssl crl -inform DER -noout -text -in $datei | /bin/grep " Next Update:");
You will probably also have to precede the command with the following string to force use of the default language.
Then test the plugin from the command line to make sure that it works.
Code:
LANG=C LC_ALL=C /usr/local/nagios/libexec/check_crl -f CA.crl
If the output looks similar to the following, that means it worked!
OK CRL Restzeit: 64 Tage, 21 Stunden, 42 Minuten und 31 Sekunden.
Those are the modifications I had to make to get this plugin to work on my CentOS 7 system; you may have to make different ones.
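An added example, not part of the thread and not the check_crl plugin's own code: a Python 3 check that asks `openssl crl -nextupdate` for the CRL's Next Update field directly (trying DER first, then PEM) and maps the remaining time to the standard Nagios exit codes. The 14-day and 7-day thresholds and the script name in the usage message are assumptions.

```python
import os
import subprocess
import sys
from datetime import datetime, timezone

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # standard Nagios plugin exit codes


def read_next_update(path):
    """Return openssl's 'nextUpdate=...' line, trying DER first, then PEM."""
    for fmt in ("DER", "PEM"):
        proc = subprocess.run(  # argument list, so the file name never reaches a shell
            ["openssl", "crl", "-inform", fmt, "-noout", "-nextupdate", "-in", path],
            capture_output=True, text=True, env=dict(os.environ, LC_ALL="C"),
        )
        if proc.returncode == 0:
            return proc.stdout.strip()
    raise ValueError(f"{path}: not a readable DER or PEM CRL")


def evaluate(line, now, warn_days=14, crit_days=7):
    """Map a 'nextUpdate=' line to (exit_code, message); thresholds are assumed."""
    value = line.partition("=")[2].strip()
    if not line.startswith("nextUpdate=") or value in ("", "NONE"):
        return UNKNOWN, "UNKNOWN - CRL has no Next Update field"
    try:
        expires = datetime.strptime(value, "%b %d %H:%M:%S %Y GMT")
    except ValueError:
        return UNKNOWN, f"UNKNOWN - cannot parse Next Update: {value!r}"
    left = expires.replace(tzinfo=timezone.utc) - now
    if left.total_seconds() <= 0:
        return CRITICAL, f"CRITICAL - CRL expired on {value}"
    if left.days < crit_days:
        return CRITICAL, f"CRITICAL - CRL expires in {left.days} days ({value})"
    if left.days < warn_days:
        return WARNING, f"WARNING - CRL expires in {left.days} days ({value})"
    return OK, f"OK - CRL valid for {left.days} more days ({value})"


if __name__ == "__main__":
    if len(sys.argv) != 2:
        print("UNKNOWN - usage: check_crl_nextupdate.py <file.crl>")
        sys.exit(UNKNOWN)
    try:
        code, msg = evaluate(read_next_update(sys.argv[1]), datetime.now(timezone.utc))
    except (OSError, ValueError) as exc:
        code, msg = UNKNOWN, f"UNKNOWN - {exc}"
    print(msg)
    sys.exit(code)
```

As with check_crl, the .crl file has to be downloaded first and its local path passed as the only argument.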
Re: How to Monitor URL certificate Expiration
Posted: Tue May 19, 2020 11:32 pm
by lgaddam
Hi,
Thanks for the update. Nagios is hosted on RHEL.
I am not able to see the "check_crl" plugin at /usr/local/nagios/libexec.
[root@p01 ~]# cd /usr/local/nagios/libexec
[root@p01 libexec]# ls -l check_crl
ls: check_crl: No such file or directory
[root@glnagiosp01 libexec]#
I require your help on the items below to implement this.
Provide me the plugin file which I have to upload in our Nagios XI.
Provide me the command line which I need to use while defining the command.