I wrote a quite unuseful check for nagios to remind me to renew my SSL certificate. This is the definition in commands.cfg file
define command{
command_name check_ssl_expiration
command_line /usr/lib/nagios/plugins/check_ssl_expiration.sh $ARG1$ $ARG2$ $ARG3$ $ARG4$
}
and this the check_ssl_expiration.sh script
#!/bin/bash
# input parameters
MYSRV=$1
MYPORT=$2
DAYWARN=$3
DAYCRIT=$4
# return values
RET_OK=”0″
RET_WARN=”1″
RET_CRIT=”2″
RET_UNKN=”3″
TEMPFILE=/tmp/.$$certtest.pem
# check data input
checkdata () {
VAL=`echo $2 | wc | awk ‘{print $2}’`
if [ $VAL -eq 0 ]; then
echo $1 is not set
exit $RET_UNKN
fi
}
checkdata “HTTPS server name” $MYSRV
checkdata “HTTPS PORT” $MYPORT
checkdata “warning threshold” $DAYWARN
checkdata “critical error threshold” $DAYCRIT
echo | openssl s_client -connect $MYSRV:$MYPORT 2> /dev/null | sed -ne ‘/-BEGIN CERT/,/-END CERT/p’ > $TEMPFILE 2>/dev/null
EXPDATE=`openssl x509 -noout -in $TEMPFILE -dates|grep notAfter|sed -e “s/.*notAfter=//”`
rm $TEMPFILE
EXPSEC=`date “+%s” –date=”$EXPDATE”`
NOWSEC=`date “+%s”`
DAYLEFT=`expr \( $EXPSEC – $NOWSEC \) / 86400`
# $DAYLEFT days left to SSL certificate expiration
if [ $DAYLEFT -le $DAYCRIT ]; then
echo “ERROR – $DAYLEFT days left to SSL certificate expiration for $MYSRV:$MYPORT”
exit $RET_CRIT
fi
if [ $DAYLEFT -le $DAYWARN ]; then
echo “WARNING – $DAYLEFT days left to SSL certificate expiration for $MYSRV:$MYPORT”
exit $RET_WARN
fi
echo “$DAYLEFT days left to SSL certificate expiration for $MYSRV:$MYPORT”
exit $RET_OK
Off course I scheduled this check once a day.
