Sophie

Sophie

distrib > Mageia > 1 > x86_64 > by-pkgid > b3af4c0646cf42de135b930e1a7b4270 > files > 9

nagios-check_ssl_cert-1.9.1-2.mga1.noarch.rpm


 (c) Matteo Corti, ETH Zurich, 2007-2011

  see AUTHORS for the complete list of contributors

check_ssl_cert

A Nagios plugin to check an X.509 certificate:
 - checks if the server is running and delivers a valid certificate
 - checks if the CA matches a given pattern
 - checks the validity

Usage:
======

check_ssl_cert -H host [OPTIONS]

Arguments:
   -H,--host host         server

Options:
   -c,--critical days     minimum number of days a certificate has to be valid
                          to issue a critical status
   -e,--email address     pattern to match the email address contained in the
                          certificate
   -f,--file file         local file path (works with -H localhost only)
   -h,--help,-?           this help message
   -i,--issuer issuer     pattern to match the issuer of the certificate
   -n,---cn name          pattern to match the CN of the certificate
   -N,--host-cn           match CN with the host name
                          (will not work for wildcards)
   -o,--org org           pattern to match the organization of the certificate
   -p,--port port         TCP port
   -P,--protocol protocol switch to TLS and use specific protocol
                          {smtp|pop3|imap|ftp}
   -s,--selfsigned        allows self-signed certificates
   -r,--rootcert path     root certificate or directory to be used for
                          certficate validation
   -t,--timeout           seconds timeout after the specified time
                          (defaults to 15 seconds and requires 'expect')
   -v,--verbose           verbose output
   -V,--version           version
   -w,--warning days      minimum number of days a certificate has to be valid
                          to issue a warning status

Deprecated options:
   -d,--days days         minimum number of days a certificate has to be valid
                          (see --critical and --warning)

Expect:
=======

check_ssl_cert requires 'expect' to enable timouts. If expect is not
present on your system timeouts will be disabled.

See: http://en.wikipedia.org/wiki/Expect

Virtual servers:
================

check_ssl_client supports the servername TLS extension in ClientHello
if the installed openssl version provides it. This is needed if you
are checking a machine with virtual hosts.

Notes:
======

the root certificate corresponding to the checked certificate must be
available to openssl or specified with the '-r cabundle' or
'--rootcert cabundle' option, where cabundle is either a file for -CAfile
or a directory for -CApath.

On Mac OS X the root certificates bundle is stored in the Keychain and
openssl will complain with:

   verification error: unable to get local issuer certificate

The bundle can be extracted with:

$ sudo security find-certificate -a \
  -p /System/Library/Keychains/SystemRootCertificates.keychain > cabundle.crt

Bugs:
=====

Report bugs to: Matteo Corti <matteo.corti@id.ethz.ch>

# File version information:
# $Id: AUTHORS 1103 2009-12-07 07:49:19Z corti $
# $Revision: 1103 $
# $HeadURL: https://svn.id.ethz.ch/nagios_plugins/check_updates/AUTHORS $
# $Date: 2009-12-07 08:49:19 +0100 (Mon, 07 Dec 2009) $

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional