Provided by: nagios-plugins-contrib_16.20151226_amd64 bug


       check_ssl_cert - checks the validity of X.509 certificates


       check_ssl_cert -H host [OPTIONS]


       check_ssl_cert A Nagios plugin to check an X.509 certificate:
        - checks if the server is running and delivers a valid certificate
        - checks if the CA matches a given pattern
        - checks the validity


       -H,--host host


              ignore authority warnings (expiration only)

              matches the pattern specified in -n with alternate names too

       -C,--clientcert path
              use client certificate to authenticate

          --clientpass phrase
              set passphrase for client certificate.

       -c,--critical days
              minimum number of days a certificate has to be valid to issue a critical status

       -e,--email address
              pattern to match the email address contained in the certificate

       -f,--file file
              local file path (works with -H localhost only)

              this help message

       --long-output list
              append  the  specified comma separated (no spaces) list of attributes to the plugin
              output on additional lines.  Valid attributes  are:  enddate,  startdate,  subject,
              issuer,  modulus, serial, hash, email, ocsp_uri and fingerprint. 'all' will include
              all the available attributes.

       -i,--issuer issuer
              pattern to match the issuer of the certificate

       -n,---cn name
              pattern to match the CN of the certificate

              match CN with the host name

       --ocsp check revocation via OCSP

       -o,--org org
              pattern to match the organization of the certificate

          --openssl path
              path of the openssl binary to be used

       -p,--port port
              TCP port

       -P,--protocol protocol
              use the specific protocol: http (default) or smtp,pop3,imap,ftp (switch to TLS)

              allows self-signed certificates

       -S,--ssl version
              force SSL version (2,3)

       -r,--rootcert cert
              root certificate or directory to be  used  for  certficate  validation  (passed  to
              openssl's -CAfile or -CApath)

              seconds timeout after the specified time (defaults to 15 seconds)

       --temp dir
              directory where to store the temporary files

       --tls1 force TLS version 1

              verbose output


       -w,--warning days
              minimum number of days a certificate has to be valid to issue a warning status


       -d,--days days
              minimum number of days a certificate has to be valid (see --critical and --warning)


       x509(1), openssl(1), expect(1), timeout(1)


       check_ssl_cert  returns a zero exist status if it finds no errors, 1 for warnings, 2 for a
       critical errors and 3 for unknown problems


       Please report bugs to: Matteo Corti (matteo (at) )


       Matteo Corti (matteo (at) ) See  the  AUTHORS  file  for  the  complete  list  of