CERTMON

NAME
SYNOPSIS
DESCRIPTION
OPTIONS
STATUS CODES
EXAMPLE
SEE ALSO
AUTHORS
BUG REPORTS
COPYRIGHT

NAME

certmon - monitor certificate expiration times on remote HTTP server.

SYNOPSIS

certmon [-hqv] -H HOST[:PORT] [-c DURATION] [-w DURATION] [CN...]

DESCRIPTION

A Nagios plugin that monitors expiration time of the remote SSL certificates. The HOST argument supplies the hostname (or IP address) of the host to contact. Optional PORT defines the TCP port (defaults to 443). Optional CN arguments supply the Common Names of the certificates to verify. If not given, the first certificate presented by the host will be used.

By default, the program prints its result in the Nagios plugin output format. This can be altered by the -v and -q options (see the OPTIONS section).

The exit code reflects the status of the check, as described in the section STATUS CODE.

OPTIONS

-H HOST[:PORT]

Hostname or IP address of the host to query. Unless the :PORT part is supplied, port 443 is assumed.

-c DURATION

Critical threshold.

-h

Show a short usage help summary.

-q

Quiet mode: don’t print Nagios plugin output status, but exit with a meaningful status. Does not suppress the verbose output, though (see -v, below).

-v

Verbose mode. Print verbose summary for each CN status.

-w DURATION

Warning threshold.

The DURATION argument is a sequence of decimal numbers, each with optional fraction and a unit suffix (one of h, m, s).

STATUS CODES

0

OK. Expiration times for all certificates do not fall into warning or critical bounds.

1

WARNING. At least one of the certificates expires within the warning interval.

2

CRITICAL. At least one of the certificates expires within the critical interval.

3

UNKNOWN. An error occurred. The diagnostic message output to the standard error explains the details.

EXAMPLE

The following Nagios configuration snippet defines the check_cert command for checking remote certificates and a service that uses it to verify expiration time of certificates for two domain names.

The check will emit warning if the certificate expires within 48 hours and a critical condition if it expires within 24 hours from the moment of the check.

define command {
command_name check_cert
command_line $USER1$/certmon -H $HOSTADDRESS$ -w 48h -c 24h $ARG1$
}

define service {
host_name example.org
service_description Certificate for example.org
check_command check_cert!example.org www.example.org
}

SEE ALSO

nagios(<https://www.nagios.org>).

AUTHORS

Sergey Poznyakoff <gray@gnu.org>

BUG REPORTS

Report bugs to <gray+certmon@gnu.org.ua>.

COPYRIGHT

Copyright © 2019 Sergey Poznyakoff
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.

Manpage server at man.gnu.org.ua.

Powered by mansrv 1.1