1
.\" Process this file with
2
.\" groff -man -Tascii foo.1
4
.TH "check_ssl_cert" 1 "May, 2013" "1.14.6" "USER COMMANDS"
6
check_ssl_cert \- checks the validity of X.509 certificates
8
.BR "check_ssl_cert " "-H host [OPTIONS]"
11
A Nagios plugin to check an X.509 certificate:
12
- checks if the server is running and delivers a valid certificate
13
- checks if the CA matches a given pattern
17
.BR "-H,--host" " host"
22
ignore authority warnings (expiration only)
25
matches the pattern specified in -n with alternate names too
27
.BR "-C,--clientcert" " path"
28
use client certificate to authenticate
30
.BR " --clientpass" " phrase"
31
set passphrase for client certificate.
33
.BR "-c,--critical" " days"
34
minimum number of days a certificate has to be valid to issue a critical status
36
.BR "-e,--email" " address"
37
pattern to match the email address contained in the certificate
39
.BR "-f,--file" " file"
40
local file path (works with -H localhost only)
45
.BR "--long-output" " list"
46
append the specified comma separated (no spaces) list of attributes to the plugin output on additional lines.
47
Valid attributes are: enddate, startdate, subject, issuer, modulus, serial, hash, email, ocsp_uri and fingerprint. 'all' will include all the available attributes.
49
.BR "-i,--issuer" " issuer"
50
pattern to match the issuer of the certificate
52
.BR "-n,---cn" " name"
53
pattern to match the CN of the certificate
56
match CN with the host name
59
pattern to match the organization of the certificate
61
.BR " --openssl" " path"
62
path of the openssl binary to be used
64
.BR "-p,--port" " port"
67
.BR "-P,--protocol" " protocol"
68
use the specific protocol: http (default) or smtp,pop3,imap,ftp (switch to TLS)
71
allows self-signed certificates
73
.BR "-r,--rootcert" " cert"
74
root certificate or directory to be used for certficate validation (passed to openssl's -CAfile or -CApath)
77
seconds timeout after the specified time (defaults to 15 seconds)
80
directory where to store the temporary files
88
.BR "-w,--warning" " days"
89
minimum number of days a certificate has to be valid to issue a warning status
90
.SH DEPRECATED OPTIONS
92
.BR "-d,--days" " days"
93
minimum number of days a certificate has to be valid (see --critical and --warning)
96
x509(1), openssl(1), expect(1), timeout(1)
98
check_ssl_cert returns a zero exist status if it finds no errors, 1 for warnings, 2 for a critical errors and 3 for unknown problems
100
Please report bugs to: Matteo Corti (matteo.corti (at) id.ethz.ch)
103
Matteo Corti (matteo.corti (at) id.ethz.ch)
104
See the AUTHORS file for the complete list of contributors