Check ssl

Script: check_ssl

check_ssl_certs is a plugin to check an ssl connection to a host on a given port. You can check

  • remote applications with HTTPS, LDAPS and all other ssl protocols
  • connect to localhost to check ssl for an FQDN

It returns OK

  • if ssl certificate is valid and runs longer than the warning limit (default: 28 d)

… or warning

  • if ssl certificate is valid with remaining time between the critical limit (7d) and below the warning limit

… or error

  • connect failed
  • if ssl certificate is valid below critical limit (7d)
  • ssl certificate is invalid

… or unknown

  • openssl was not found
  • connect was successful but another domain was found
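
The status rules above, as an added example in shell (not the IML check_ssl source): it maps a certificate's notAfter date to a status line and the standard Icinga/Nagios plugin exit code, using the default limits of 28 and 7 days. The function names, the openssl s_client/x509 pipeline, the use of GNU date and the handling of exact boundary values are assumptions; the check for a mismatching domain is not covered.

```shell
#!/bin/bash
# Added example, not the IML check_ssl source. Assumes GNU date and openssl.

# Print the peer certificate's notAfter date, e.g. "Apr 23 00:38:13 2025 GMT".
# For the -l case pass connect_host=localhost and keep sni_name as the FQDN.
fetch_not_after() {
  local connect_host="$1" sni_name="$2" port="${3:-443}"
  openssl s_client -connect "$connect_host:$port" -servername "$sni_name" \
      </dev/null 2>/dev/null \
    | openssl x509 -noout -enddate 2>/dev/null | sed 's/^notAfter=//'
}

# classify_cert NOT_AFTER NOW_EPOCH [WARN_DAYS] [CRIT_DAYS]
# Prints a status line and returns the Icinga/Nagios exit code (0/1/2/3).
classify_cert() {
  local not_after="$1" now="$2" warn="${3:-28}" crit="${4:-7}" end days
  if [ -z "$not_after" ]; then
    echo "CRITICAL: connect failed or no certificate received"; return 2
  fi
  if ! end=$(date -u -d "$not_after" +%s 2>/dev/null); then
    echo "UNKNOWN: cannot parse expiry date '$not_after'"; return 3
  fi
  if [ "$end" -le "$now" ]; then
    echo "CRITICAL: expired on $not_after"; return 2
  fi
  days=$(( (end - now) / 86400 ))   # whole days remaining, rounded down
  if [ "$days" -lt "$crit" ]; then
    echo "CRITICAL: valid to $not_after ($days days left)"; return 2
  elif [ "$days" -lt "$warn" ]; then
    echo "WARNING: valid to $not_after ($days days left)"; return 1
  fi
  echo "OK: valid to $not_after ($days days left)"; return 0
}

# Constructed demo: fixed clock (2025-02-13 00:00:00 UTC) so results are
# reproducible offline; the first date is the one from the sample output.
demo_now=1739404800
for d in "Apr 23 00:38:13 2025 GMT" "Mar  5 12:00:00 2025 GMT" \
         "Feb 16 08:00:00 2025 GMT" "Jan  1 00:00:00 2025 GMT" ""; do
  rc=0; classify_cert "$d" "$demo_now" || rc=$?
  echo "  -> exit code $rc"
done
# Live use: classify_cert "$(fetch_not_after localhost app.example.com 8000)" "$(date +%s)"
```

An empty date string is treated as a failed connect on purpose: GNU date would otherwise parse it as today at midnight and the check would report a misleading expiry.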

Requirements

  • openssl client

Standalone installation

In addition to this script, you need the following file from this repository:

  • inc_pluginfunctions: shared functions for all IML checks written in bash

Syntax

Start the script with ‘-h’ to get the help.

______________________________________________________________________

CHECK_SSL
v1.7

(c) Institute for Medical Education - University of Bern
Licence: GNU GPL 3

https://os-docs.iml.unibe.ch/icinga-checks/Checks/check_ssl.html
______________________________________________________________________

Check if ssl certificate of a given domain is still valid.
You can check https or any other port of a ssl enabled service like LDAPS, 
IMPAS and others.

You can customize the values for warning and critical level.

SYNTAX: check_ssl [options] DOMAIN [PORT]

OPTIONS
    -h        Show help and exit
    -l        Flag: connect to localhost
    -w VALUE  warning level for expiration in days (default: 28)
    -c VALUE  critical level for expiration in days (default: 7)

PARAMETERS
    DOMAIN    domain to verify the ssl vertificate from (required)
    PORT      optional: port number to connect (default: 443)


EXAMPLES

    check_ssl www.iml.unibe.ch 443
        Check https port 443

    check_ssl -w 30 -c 14 ldap.example.com 636
        Check ldaps port 636 and set custom warning and critical level

    check_ssl -l app.example.com 8000
        Check locally running proxied app without opened port via localhost

Examples

Check Website with https

To check a domain name on port 443, pass the domain to connect to as the parameter. Port 443 is the default, so the port number can be omitted.

./check_ssl www.iml.unibe.ch
OK: www.iml.unibe.ch:443 - valid to Apr 23 00:38:13 2025 GMT (69 days left)

Check Ldaps

./check_ssl ldap.example.com 636
OK: ldap.example.com:636 - valid to Apr  6 00:44:42 2025 GMT (52 days left)