Newer
Older
icinga-plugins / check_certs
Paul Staroch on 23 Mar 2018 781 bytes updated periods for warning/critical state
#!/bin/bash

# for nagios-nrpe-server:
# command[check_certs]=/opt/icinga/check_certs /etc/icinga/certlist
# /etc/icinga/certlist contains a list of SSL certificates, one per line

warning=1728000
critical=864000
for cert in `cat $1`; do
	critical_state=0
	warning_state=0

	# check /etc/sudoers for this: nagios  ALL=(ALL:ALL) NOPASSWD: /usr/bin/openssl
	sudo openssl x509 -in $cert -checkend $critical -out /dev/null || critical_state=1
	sudo openssl x509 -in $cert -checkend $warning -out /dev/null || warning_state=1
	if [ "$critical_state" -eq "1" ]; then
		echo "Certificate $cert will expire shortly."
		exit 2
	fi
	if [ "$warning_state" -eq "1" ]; then
		echo "Certificate $cert will expire shortly."
		exit 1
	fi
done
echo "None of the certificates will expire shortly."