Re: Scanning for Certificate Expiration

Mark Foster Mon, 23 Aug 2004 14:07:35 -0700

Patrick Heim wrote:

Does anoyne know of a tool or a way to script OpenSSL to:

1.  Connect to an SSL enabled server
2.  Retrieve the server certificate
3.  Parse it for the certificate expiration date


It is easy to setup nagios to give N-days advance notice of expiring certs.

I put this in checkcommands.cfg
# 'check_cert' command definition
define command{
        command_name    check_cert
        command_line    $USER1$/check_http -I $HOSTADDRESS$ -S -C 30
        }

Then in a service definition for the SSL server you want to monitor specify: check_command check_cert!your.host.name http://www.nagios.org/ -- Some days it's just not worth chewing through the restraints... Mark D. Foster, CISSP <[EMAIL PROTECTED]> http://mark.foster.cc/

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Re: Scanning for Certificate Expiration

Reply via email to