
nagios-plugins-1.4.14-8mdv2010.1.src.rpm

diff -Naur -x '*.orig' -x '*.rej' -x '*~' -x '*.swp' nagios-plugins-1.4.14/plugins/check_ldap.c nagios-plugins-1.4.14-check_ldap_certificate/plugins/check_ldap.c
--- nagios-plugins-1.4.14/plugins/check_ldap.c	2009-02-20 00:55:23.000000000 +0100
+++ nagios-plugins-1.4.14-check_ldap_certificate/plugins/check_ldap.c	2009-09-20 23:54:15.000000000 +0200
@@ -71,6 +71,9 @@
 int ssl_on_connect = FALSE;
 int verbose = 0;
 
+int check_cert = FALSE;
+int days_till_exp;
+
 /* for ldap tls */
 
 char *SERVICE = "LDAP";
@@ -156,6 +159,9 @@
 			printf (_("Could not init TLS at port %i!\n"), ld_port);
 			return STATE_CRITICAL;
 		}
+
+		if (check_cert == TRUE)
+			return ldap_check_cert(ld);
 #else
 		printf (_("TLS not supported by the libraries!\n"));
 		return STATE_CRITICAL;
@@ -180,6 +186,9 @@
 			printf (_("Could not init startTLS at port %i!\n"), ld_port);
 			return STATE_CRITICAL;
 		}
+
+		if (check_cert == TRUE)
+			return ldap_check_cert(ld);
 #else
 		printf (_("startTLS not supported by the library, needs LDAPv3!\n"));
 		return STATE_CRITICAL;
@@ -257,6 +266,7 @@
 #endif
 		{"starttls", no_argument, 0, 'T'},
 		{"ssl", no_argument, 0, 'S'},
+        {"certificate", required_argument, 0, 'C'},
 		{"use-ipv4", no_argument, 0, '4'},
 		{"use-ipv6", no_argument, 0, '6'},
 		{"port", required_argument, 0, 'p'},
@@ -275,7 +285,7 @@
 	}
 
 	while (1) {
-		c = getopt_long (argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:", longopts, &option);
+		c = getopt_long (argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:C:", longopts, &option);
 
 		if (c == -1 || c == EOF)
 			break;
@@ -337,6 +347,18 @@
 			else
 				usage_va(_("%s cannot be combined with %s"), "-T/--starttls", "-S/--ssl");
 			break;
+		case 'C': /* Check SSL cert validity */
+			if (starttls || ssl_on_connect || strstr(argv[0],"check_ldaps")) {
+				if (!is_intnonneg (optarg))
+					usage2 (_("Invalid certificate expiration period"), optarg);
+				else {
+					days_till_exp = atoi (optarg);
+					check_cert = TRUE;
+				}
+			} else {
+				usage_va(_("%s requires either %s or %s"), "-C/--certificate", "-S/--ssl", "-T/--starttls");
+			}
+			break;
 		case 'S':
 			if (! starttls) {
 				ssl_on_connect = TRUE;
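Review bot: The `-C` case tests `starttls || ssl_on_connect` at the moment the option is parsed, so the outcome depends on argument order: `-C 30 -S` is rejected with "requires either" while `-S -C 30` is accepted. Record the value in the case and move the dependency test after the option loop, e.g. `if (check_cert && !(starttls || ssl_on_connect || strstr(argv[0], "check_ldaps"))) usage_va(...);`. `atoi (optarg)` also has no range check; whether `is_intnonneg` bounds the value is not visible here, so `strtol` with an `ERANGE` test would be the safer conversion. The enclosing switch starts and ends outside the hunk.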
@@ -415,6 +437,9 @@
   printf (" %s\n", "-S [--ssl]");
   printf ("    %s %i\n", _("use ldaps (ldap v2 ssl method). this also sets the default port to"), LDAPS_PORT);
 
+  printf (" %s\n", "-C [--certificate]");
+  printf ("    %s\n", _("Minimum number of days a certificate has to be valid"));
+
 #ifdef HAVE_LDAP_SET_OPTION
 	printf (" %s\n", "-2 [--ver2]");
   printf ("    %s\n", _("use ldap protocol version 2"));
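Review bot: The help entry `-C [--certificate]` does not show that the option takes an argument, and the usage line in the next hunk calls it `[-C <age>]` although the value is a minimum number of days of remaining validity. Suggest `printf (" %s\n", "-C [--certificate] <days>");` here and `[-C <days>]` in the usage string. The description should also say that -C needs -S or -T and that the plugin returns right after the certificate check, without performing the bind and search, so operators do not mistake a passing certificate check for a working directory service. print_help and print_usage both extend outside these hunks.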
@@ -454,7 +479,7 @@
 {
   printf (_("Usage:"));
 	printf (" %s -H <host> -b <base_dn> [-p <port>] [-a <attr>] [-D <binddn>]",progname);
-  printf ("\n       [-P <password>] [-w <warn_time>] [-c <crit_time>] [-t timeout]%s\n",
+  printf ("\n       [-P <password>] [-w <warn_time>] [-c <crit_time>] [-t timeout] [-C <age>]%s\n",
 #ifdef HAVE_LDAP_SET_OPTION
 			"\n       [-2|-3] [-4|-6]"
 #else
@@ -462,3 +487,16 @@
 #endif
 			);
 }
+
+int ldap_check_cert (LDAP *ld)
+{
+	SSL *ssl;
+	int rc;
+
+	rc = ldap_get_option(ld, LDAP_OPT_X_TLS_SSL_CTX, &ssl);
+	if (rc == LDAP_OPT_ERROR || ssl == NULL) {
+		printf ("%s\n",_("CRITICAL - Cannot retrieve ssl session from connection."));
+		return STATE_CRITICAL;
+	}
+	return np_net_ssl_check_cert_real(ssl, days_till_exp);
+}
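Review bot: `ldap_check_cert` is defined unconditionally, but it uses `SSL` and `np_net_ssl_check_cert_real`, which netutils.h declares only under `HAVE_SSL`, and `LDAP_OPT_X_TLS_SSL_CTX`, which not every LDAP library provides; a build without SSL support would presumably fail here. Wrap the definition in `#if defined(HAVE_SSL) && defined(LDAP_OPT_X_TLS_SSL_CTX)`, matching whatever guards the two call sites (their conditions are outside the visible hunks). No hunk adds a prototype although the function is called earlier in the file than it is defined, so one belongs next to the other declarations. The out-parameter should be initialised and the result tested for success rather than for one error code: `SSL *ssl = NULL;` and `if (rc != LDAP_OPT_SUCCESS || ssl == NULL)`.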
diff -Naur -x '*.orig' -x '*.rej' -x '*~' -x '*.swp' nagios-plugins-1.4.14/plugins/Makefile.am nagios-plugins-1.4.14-check_ldap_certificate/plugins/Makefile.am
--- nagios-plugins-1.4.14/plugins/Makefile.am	2009-06-06 09:04:48.000000000 +0200
+++ nagios-plugins-1.4.14-check_ldap_certificate/plugins/Makefile.am	2009-09-20 23:54:15.000000000 +0200
@@ -72,7 +72,7 @@
 check_game_LDADD = $(BASEOBJS) runcmd.o
 check_http_LDADD = $(SSLOBJS) $(NETLIBS) $(SSLLIBS)
 check_hpjd_LDADD = $(NETLIBS) popen.o
-check_ldap_LDADD = $(NETLIBS) $(LDAPLIBS)
+check_ldap_LDADD = $(SSLOBJS) $(NETLIBS) $(LDAPLIBS)
 check_load_LDADD = $(BASEOBJS) popen.o
 check_mrtg_LDADD = $(BASEOBJS)
 check_mrtgtraf_LDADD = $(BASEOBJS)
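Review bot: `check_ldap_LDADD` gains `$(SSLOBJS)` but not `$(SSLLIBS)`, unlike `check_http_LDADD` two lines above, which lists both. The SSL helper objects call into the SSL library directly, so the link presumably works only where `$(LDAPLIBS)` happens to pull that library in. Suggest `check_ldap_LDADD = $(SSLOBJS) $(NETLIBS) $(SSLLIBS) $(LDAPLIBS)`.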
@@ -118,7 +118,7 @@
 check_http_DEPENDENCIES = check_http.c $(SSLOBJS) $(NETOBJS) $(DEPLIBS)
 check_hpjd_DEPENDENCIES = check_hpjd.c $(NETOBJS) popen.o $(DEPLIBS)
 check_ide_smart_DEPENDENCIES = check_ide_smart.c $(BASEOBJS) $(DEPLIBS)
-check_ldap_DEPENDENCIES = check_ldap.c $(NETOBJS) $(DEPLIBS)
+check_ldap_DEPENDENCIES = check_ldap.c $(SSLOBJS) $(NETOBJS) $(DEPLIBS)
 check_load_DEPENDENCIES = check_load.c $(BASEOBJS) popen.o $(DEPLIBS)
 check_mrtg_DEPENDENCIES = check_mrtg.c $(DEPLIBS)
 check_mrtgtraf_DEPENDENCIES = check_mrtgtraf.c $(DEPLIBS)
diff -Naur -x '*.orig' -x '*.rej' -x '*~' -x '*.swp' nagios-plugins-1.4.14/plugins/netutils.h nagios-plugins-1.4.14-check_ldap_certificate/plugins/netutils.h
--- nagios-plugins-1.4.14/plugins/netutils.h	2009-05-21 23:11:51.000000000 +0200
+++ nagios-plugins-1.4.14-check_ldap_certificate/plugins/netutils.h	2009-09-20 23:54:15.000000000 +0200
@@ -104,6 +104,7 @@
 int np_net_ssl_write(const void *buf, int num);
 int np_net_ssl_read(void *buf, int num);
 int np_net_ssl_check_cert(int days_till_exp);
+int np_net_ssl_check_cert_real(SSL *ssl, int days_till_exp);
 #endif /* HAVE_SSL */
 
 #endif /* _NETUTILS_H_ */
diff -Naur -x '*.orig' -x '*.rej' -x '*~' -x '*.swp' nagios-plugins-1.4.14/plugins/sslutils.c nagios-plugins-1.4.14-check_ldap_certificate/plugins/sslutils.c
--- nagios-plugins-1.4.14/plugins/sslutils.c	2009-05-21 23:11:51.000000000 +0200
+++ nagios-plugins-1.4.14-check_ldap_certificate/plugins/sslutils.c	2009-09-20 23:57:58.000000000 +0200
@@ -96,6 +96,15 @@
 
 int np_net_ssl_check_cert(int days_till_exp){
 #  ifdef USE_OPENSSL
+	return np_net_ssl_check_cert_real(s, days_till_exp);
+#  else /* ifndef USE_OPENSSL */
+	printf ("%s\n", _("WARNING - Plugin does not support checking certificates."));
+	return STATE_WARNING;
+#  endif /* USE_OPENSSL */
+}
+
+int np_net_ssl_check_cert_real(SSL *ssl, int days_till_exp){
+#  ifdef USE_OPENSSL
 	X509 *certificate=NULL;
 	ASN1_STRING *tm;
 	int offset;