Provided by: nagios-plugins-contrib_16.20151226ubuntu0.16.04.1_amd64 bug

NAME
       check_ssl_cert - checks the validity of X.509 certificates


SYNOPSIS
       check_ssl_cert -H host [OPTIONS]


DESCRIPTION
       check_ssl_cert A Nagios plugin to check an X.509 certificate:
        - checks if the server is running and delivers a valid certificate
        - checks if the CA matches a given pattern
        - checks the validity


ARGUMENTS
       -H,--host host
              server


OPTIONS
       -A,--noauth
              ignore authority warnings (expiration only)

          --altnames
              matches the pattern specified in -n with alternate names too

       -C,--clientcert path
              use client certificate to authenticate

          --clientpass phrase
              set passphrase for client certificate.

       -c,--critical days
              minimum number of days a certificate has to be valid to issue a critical status

       -e,--email address
              pattern to match the email address contained in the certificate

       -f,--file file
              local file path (works with -H localhost only)

       -h,--help,-?
              this help message

       --long-output list
              append  the  specified comma separated (no spaces) list of attributes to the plugin
              output on additional lines.  Valid attributes  are:  enddate,  startdate,  subject,
              issuer,  modulus, serial, hash, email, ocsp_uri and fingerprint. 'all' will include
              all the available attributes.

       -i,--issuer issuer
              pattern to match the issuer of the certificate

       -n,---cn name
              pattern to match the CN of the certificate

       -N,--host-cn
              match CN with the host name

       --ocsp check revocation via OCSP

       -o,--org org
              pattern to match the organization of the certificate

          --openssl path
              path of the openssl binary to be used

       -p,--port port
              TCP port

       -P,--protocol protocol
              use the specific protocol: http (default) or smtp,pop3,imap,ftp (switch to TLS)

       -s,--selfsigned
              allows self-signed certificates

       -S,--ssl version
              force SSL version (2,3)

       -r,--rootcert cert
              root certificate or directory to be  used  for  certficate  validation  (passed  to
              openssl's -CAfile or -CApath)

       -t,--timeout
              seconds timeout after the specified time (defaults to 15 seconds)

       --temp dir
              directory where to store the temporary files

       --tls1 force TLS version 1

       -v,--verbose
              verbose output

       -V,--version
              version

       -w,--warning days
              minimum number of days a certificate has to be valid to issue a warning status


DEPRECATED OPTIONS
       -d,--days days
              minimum number of days a certificate has to be valid (see --critical and --warning)


SEE ALSO
       x509(1), openssl(1), expect(1), timeout(1)


EXIT STATUS
       check_ssl_cert  returns a zero exist status if it finds no errors, 1 for warnings, 2 for a
       critical errors and 3 for unknown problems


BUGS
       Please report bugs to: Matteo Corti (matteo (at) corti.li )


AUTHOR
       Matteo Corti (matteo (at) corti.li ) See  the  AUTHORS  file  for  the  complete  list  of
       contributors