check_ssl_cert(1) checks the validity of X.509 certificates


check_ssl_cert -H host [OPTIONS]


check_ssl_cert A Nagios plugin to check an X.509 certificate:
 - checks if the server is running and delivers a valid certificate
 - checks if the CA matches a given pattern
 - checks the validity


-H,--host host


ignore authority warnings (expiration only)
matches the pattern specified in -n with alternate names too
-C,--clientcert path
use client certificate to authenticate
--clientpass phrase
set passphrase for client certificate.
-c,--critical days
minimum number of days a certificate has to be valid to issue a critical status
-e,--email address
pattern to match the email address contained in the certificate
-f,--file file
local file path (works with -H localhost only)
this help message
--long-output list
append the specified comma separated (no spaces) list of attributes to the plugin output on additional lines. Valid attributes are: enddate, startdate, subject, issuer, modulus, serial, hash, email, ocsp_uri and fingerprint. 'all' will include all the available attributes.
-i,--issuer issuer
pattern to match the issuer of the certificate
-n,---cn name
pattern to match the CN of the certificate
match CN with the host name
check revocation via OCSP
-o,--org org
pattern to match the organization of the certificate
--openssl path
path of the openssl binary to be used
-p,--port port
TCP port
-P,--protocol protocol
use the specific protocol: http (default) or smtp,pop3,imap,ftp (switch to TLS)
allows self-signed certificates
-S,--ssl version
force SSL version (2,3)
-r,--rootcert cert
root certificate or directory to be used for certficate validation (passed to openssl's -CAfile or -CApath)
seconds timeout after the specified time (defaults to 15 seconds)
--temp dir
directory where to store the temporary files
force TLS version 1
verbose output
-w,--warning days
minimum number of days a certificate has to be valid to issue a warning status


-d,--days days
minimum number of days a certificate has to be valid (see --critical and --warning)


check_ssl_cert returns a zero exist status if it finds no errors, 1 for warnings, 2 for a critical errors and 3 for unknown problems


Please report bugs to: Matteo Corti (matteo (at) )


Matteo Corti (matteo (at) ) See the AUTHORS file for the complete list of contributors