Tag Archives: ssl certs

Nagios: Monitor SSL Certs

Nagios has the ability to monitor SSL certificates for expiration. Here’s how to do it: Steps for Nagios to Monitor SSL Certs Download the check_ssl_certificate plugin from the nagios exchange site Update:A better / updated version of the plugin is available for download here ( it is mentioned on previously mentioned nagios plugins page ) Installation: Edit the script, replacing the line: use lib “/usr/lib64/nagios/plugins”; with the path to your nagios plugins directory (where utils.pm is located). For me on Ubuntu 10.04 this was use lib “/usr/lib/nagios/plugins”; Also edit the line: my $openssl = “/usr/bin/openssl”; with the path to your openssl binary. Then copy the script into your nagios plugins directory, for Ubuntu 10.04 it was /usr/lib/nagios/plugins I also updated line 155 – 158 of the script, because it has a bug that allows expired certificates to show up as passing: if ($daysLeft < 0) { print “$PROGNAME: CRITICAL – $cn expired ” . abs($daysLeft) . ” day(s) ago.\n”; exit $ERRORS{‘CRITICAL’}; } elsif ($daysLeft <= $critical) { The key part is adding in this line: exit $ERRORS{‘CRITICAL’}; To monitor a site, you will need to set up a configuration, using something like this (edit to suit your needs): define command { command_name check_ssl_certificate command_line /usr/lib/nagios/plugins/check_ssl_certificate -H $HOSTNAME$ } define service{ use generic-service host_name www.yoursite.com service_description check ssl check_command check_ssl_certificate contact_groups admins }

Posted in Server Admin, Server Administration | Tagged , , , | Leave a comment