Nagios: Monitor SSL Certs

Posted on

Nagios: Monitor SSL Certs Nagios has the ability to monitor SSL certificates for expiration. Here’s how to do it:

Steps for Nagios to Monitor SSL Certs

Download the checksslcertificate plugin from the nagios exchange site

Installation:

Edit the script, replacing the line:

use lib "/usr/lib64/nagios/plugins";

with the path to your nagios plugins directory (where utils.pm is located). For me on Ubuntu 10.04 this was

use lib "/usr/lib/nagios/plugins";

Also edit the line:

my $openssl = "/usr/bin/openssl";

with the path to your openssl binary. Then copy the script into your nagios plugins directory, for Ubuntu 10.04 it was

/usr/lib/nagios/plugins

I also updated line 155 – 158 of the script, because it has a bug that allows expired certificates to show up as passing:

if ($daysLeft < 0) {
  print "$PROGNAME: CRITICAL - $cn expired " . abs($daysLeft) . " day(s) ago.\n";
  exit $ERRORS{'CRITICAL'};
} elsif ($daysLeft <= $critical) {

The key part is adding in this line:

exit $ERRORS{'CRITICAL'};

Related Posts:

This entry was posted in Server Admin, Server Administration and tagged , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>