Provided by: nagios-plugins-contrib_21.20170222_amd64 bug


       check_ssl_cert - checks the validity of X.509 certificates


       check_ssl_cert -H host [OPTIONS]


       check_ssl_cert A Nagios plugin to check an X.509 certificate:
        - checks if the server is running and delivers a valid certificate
        - checks if the CA matches a given pattern
        - checks the validity


       -H,--host host


              ignore authority warnings (expiration only)

              matches the pattern specified in -n with alternate names too

       -C,--clientcert path
              use client certificate to authenticate

          --clientpass phrase
              set passphrase for client certificate.

       -c,--critical days
              minimum number of days a certificate has to be valid to issue a critical status

              produces debugging output

              cipher selection: force ECDSA authentication

       -e,--email address
              pattern to match the email address contained in the certificate

       -f,--file file
              local file path (works with -H localhost only)

          --file-bin path
              path of the file binary to be used"

              this help message

              ignore expiration date

              do not check if the certificate was signed with SHA1 or MD5

              do not check revocation with OCSP

       -i,--issuer issuer
              pattern to match the issuer of the certificate

       -L,--check-ssl-labs grade
              SSL Labs assestment (please check

              Forces a new check by SSL Labs (see -L)

          --long-output list
              append  the  specified comma separated (no spaces) list of attributes to the plugin
              output on additional lines.  Valid attributes  are:  enddate,  startdate,  subject,
              issuer,  modulus, serial, hash, email, ocsp_uri and fingerprint. 'all' will include
              all the available attributes.

       -n,---cn name
              pattern to match the CN of the certificate (can be specified multiple times)

              disable SSL version 2

              disable SSL version 3

              disable TLS version 1

              disable TLS version 1.1

              disable TLS version 1.2

              match CN with the host name

       -o,--org org
              pattern to match the organization of the certificate

          --openssl path
              path of the openssl binary to be used

       -p,--port port
              TCP port

       -P,--protocol protocol
              use the specific protocol: http (default), irc  or  smtp,pop3,imap,ftp  (switch  to

              allows self-signed certificates

          --serial serialnum
              pattern to match the serial number

              force SSL version 2

              force SSL version 3

       -r,--rootcert cert
              root  certificate  or  directory  to  be  used for certficate validation (passed to
              openssl's -CAfile or -CApath)

              cipher selection: force RSA authentication

              seconds timeout after the specified time (defaults to 15 seconds)

          --temp dir
              directory where to store the temporary files

              force TLS version 1

              verbose output


       -w,--warning days
              minimum number of days a certificate has to be valid to issue a warning status


       -d,--days days
              minimum number of days a certificate has to be valid (see --critical and --warning)

              check revocation via OCSP

       -S,--ssl version
              force SSL version (2,3) (see: --ss2 or --ssl3)


       If the host has multiple certificates and  the  installed  openssl  version  supports  the
       -servername  option  it is possible to specify the TLS SNI (Server Name Idetificator) with
       the -N (or --host-cn) option.


       x509(1), openssl(1), expect(1), timeout(1)


       check_ssl_cert returns a zero exist status if it finds no errors, 1 for warnings, 2 for  a
       critical errors and 3 for unknown problems


       Please report bugs to: Matteo Corti (matteo (at) )


       Matteo  Corti  (matteo  (at)  )  See  the  AUTHORS file for the complete list of