SYNOPSIS
check_ssl_cert -H host [OPTIONS]DESCRIPTION
check_ssl_cert A Nagios plugin to check an X.509 certificate:- checks if the server is running and delivers a valid certificate
- checks if the CA matches a given pattern
- checks the validity
ARGUMENTS
- -H,--host host
- server
OPTIONS
- -A,--noauth
- ignore authority warnings (expiration only)
- --altnames
- matches the pattern specified in -n with alternate names too
- -C,--clientcert path
- use client certificate to authenticate
- --clientpass phrase
- set passphrase for client certificate.
- -c,--critical days
- minimum number of days a certificate has to be valid to issue a critical status
- -e,--email address
- pattern to match the email address contained in the certificate
- -f,--file file
- local file path (works with -H localhost only)
- -h,--help,-?
- this help message
- --long-output list
- append the specified comma separated (no spaces) list of attributes to the plugin output on additional lines. Valid attributes are: enddate, startdate, subject, issuer, modulus, serial, hash, email, ocsp_uri and fingerprint. 'all' will include all the available attributes.
- -i,--issuer issuer
- pattern to match the issuer of the certificate
- -n,---cn name
- pattern to match the CN of the certificate
- -N,--host-cn
- match CN with the host name
- --ocsp
- check revocation via OCSP
- -o,--org org
- pattern to match the organization of the certificate
- --openssl path
- path of the openssl binary to be used
- -p,--port port
- TCP port
- -P,--protocol protocol
- use the specific protocol: http (default) or smtp,pop3,imap,ftp (switch to TLS)
- -s,--selfsigned
- allows self-signed certificates
- -S,--ssl version
- force SSL version (2,3)
- -r,--rootcert cert
- root certificate or directory to be used for certficate validation (passed to openssl's -CAfile or -CApath)
- -t,--timeout
- seconds timeout after the specified time (defaults to 15 seconds)
- --temp dir
- directory where to store the temporary files
- --tls1
- force TLS version 1
- -v,--verbose
- verbose output
- -V,--version
- version
- -w,--warning days
- minimum number of days a certificate has to be valid to issue a warning status
DEPRECATED OPTIONS
- -d,--days days
-
minimum number of days a certificate has to be valid (see --critical and --warning)
EXIT STATUS
check_ssl_cert returns a zero exist status if it finds no errors, 1 for warnings, 2 for a critical errors and 3 for unknown problemsBUGS
Please report bugs to: Matteo Corti (matteo (at) corti.li )
AUTHOR
Matteo Corti (matteo (at) corti.li ) See the AUTHORS file for the complete list of contributors