Nagios has the ability to monitor SSL certificates for expiration. Here’s how to do it:
###Steps for Nagios to Monitor SSL Certs
Download the check_ssl_certificate plugin from the nagios exchange site
Update:A better / updated version of the plugin is available for download [here](https://subversion.ceres.auckland.ac.nz/BeSTGRID/df/scripts/check_ssl_certificate) ( it is mentioned on previously mentioned nagios plugins page )
Installation:
Edit the script, replacing the line:
use lib “/usr/lib64/nagios/plugins”;
with the path to your nagios plugins directory (where utils.pm is located). For me on Ubuntu 10.04 this was
use lib “/usr/lib/nagios/plugins”;
Also edit the line:
my $openssl = “/usr/bin/openssl”;
with the path to your openssl binary. Then copy the script into your nagios plugins directory, for Ubuntu 10.04 it was
/usr/lib/nagios/plugins
I also updated line 155 – 158 of the script, because it has a bug that allows expired certificates to show up as passing:
if ($daysLeft < 0) { print "$PROGNAME: CRITICAL - $cn expired " . abs($daysLeft) . " day(s) ago.\n"; exit $ERRORS{'CRITICAL'}; } elsif ($daysLeft <= $critical) { The key part is adding in this line: exit $ERRORS{'CRITICAL'}; To monitor a site, you will need to set up a configuration, using something like this (edit to suit your needs): define command { command_name check_ssl_certificate command_line /usr/lib/nagios/plugins/check_ssl_certificate -H $HOSTNAME$ } define service{ use generic-service host_name www.yoursite.com service_description check ssl check_command check_ssl_certificate contact_groups admins }
