table of contents
other versions
- wheezy 4.20120702
- wheezy-backports 14.20141104~bpo70+1
- jessie 14.20141104
- jessie-backports 21.20170222~bpo8+1
- testing 21.20170222
- unstable 21.20170222
check_ssl_cert(1) | USER COMMANDS | check_ssl_cert(1) |
NAME¶
check_ssl_cert - checks the validity of X.509 certificatesSYNOPSIS¶
check_ssl_cert -H host [OPTIONS]DESCRIPTION¶
check_ssl_cert A Nagios plugin to check an X.509 certificate:- checks if the server is running and delivers a valid certificate
- checks if the CA matches a given pattern
- checks the validity
ARGUMENTS¶
- -H,--host host
- server
OPTIONS¶
- -A,--noauth
- ignore authority warnings (expiration only)
- --altnames
- matches the pattern specified in -n with alternate names too
- -C,--clientcert path
- use client certificate to authenticate
- --clientpass phrase
- set passphrase for client certificate.
- -c,--critical days
- minimum number of days a certificate has to be valid to issue a critical status
- -e,--email address
- pattern to match the email address contained in the certificate
- -f,--file file
- local file path (works with -H localhost only)
- -h,--help,-?
- this help message
- -i,--issuer issuer
- pattern to match the issuer of the certificate
- -n,---cn name
- pattern to match the CN of the certificate
- -N,--host-cn
- match CN with the host name
- -o,--org org
- pattern to match the organization of the certificate
- --openssl path
- path of the openssl binary to be used
- -p,--port port
- TCP port
- -P,--protocol protocol
- use the specific protocol: http (default) or smtp,pop3,imap,ftp (switch to TLS)
- -s,--selfsigned
- allows self-signed certificates
- -r,--rootcert cert
- root certificate or directory to be used for certficate validation (passed to openssl's -CAfile or -CApath)
- -t,--timeout
- seconds timeout after the specified time (defaults to 15 seconds)
- --temp dir
- directory where to store the temporary files
- -v,--verbose
- verbose output
- -V,--version
- version
- -w,--warning days
- minimum number of days a certificate has to be valid to issue a warning status
DEPRECATED OPTIONS¶
- -d,--days days
- minimum number of days a certificate has to be valid (see
--critical and --warning)
SEE ALSO¶
x509(1), openssl(1), expect(1)EXIT STATUS¶
check_ssl_cert returns a zero exist status if it finds no errors, 1 for warnings, 2 for a critical errors and 3 for unknown problemsBUGS¶
Please report bugs to: Matteo Corti (matteo.corti (at) id.ethz.ch)AUTHOR¶
Matteo Corti (matteo.corti (at) id.ethz.ch) See the AUTHORS file for the complete list of contributorsApril, 2012 | 1.13.0 |