Nagios: Monitor SSL Certs

Nagios: Monitor SSL Certs Nagios has the ability to monitor SSL certificates for expiration. Here’s how to do it:

Steps for Nagios to Monitor SSL Certs

Download the check_ssl_certificate plugin from the nagios exchange site

Update:A better / updated version of the plugin is available for download here ( it is mentioned on previously mentioned nagios plugins page )

Installation:

Edit the script, replacing the line:

use lib "/usr/lib64/nagios/plugins";

with the path to your nagios plugins directory (where utils.pm is located). For me on Ubuntu 10.04 this was

use lib "/usr/lib/nagios/plugins";

Also edit the line:

my $openssl = "/usr/bin/openssl";

with the path to your openssl binary. Then copy the script into your nagios plugins directory, for Ubuntu 10.04 it was

/usr/lib/nagios/plugins

I also updated line 155 – 158 of the script, because it has a bug that allows expired certificates to show up as passing:

if ($daysLeft < 0) {
  print "$PROGNAME: CRITICAL - $cn expired " . abs($daysLeft) . " day(s) ago.\n";
  exit $ERRORS{'CRITICAL'};
} elsif ($daysLeft <= $critical) {

The key part is adding in this line:

exit $ERRORS{'CRITICAL'};

To monitor a site, you will need to set up a configuration, using something like this (edit to suit your needs):

define command {
  command_name    check_ssl_certificate
  command_line    /usr/lib/nagios/plugins/check_ssl_certificate -H $HOSTNAME$
}


define service{
  use                             generic-service
  host_name                       www.yoursite.com
  service_description             check ssl
  check_command                   check_ssl_certificate
  contact_groups                  admins
}

Related Posts:

  • No Related Posts
This entry was posted in Server Admin, Server Administration and tagged , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *