Provided by: nagios-plugins-contrib_16.20151226ubuntu0.16.04.1_amd64
NAME
check_ssl_cert - checks the validity of X.509 certificates
SYNOPSIS
check_ssl_cert -H host [OPTIONS]
DESCRIPTION
check_ssl_cert A Nagios plugin to check an X.509 certificate: - checks if the server is running and delivers a valid certificate - checks if the CA matches a given pattern - checks the validity
ARGUMENTS
-H,--host host server
OPTIONS
-A,--noauth ignore authority warnings (expiration only) --altnames matches the pattern specified in -n with alternate names too -C,--clientcert path use client certificate to authenticate --clientpass phrase set passphrase for client certificate. -c,--critical days minimum number of days a certificate has to be valid to issue a critical status -e,--email address pattern to match the email address contained in the certificate -f,--file file local file path (works with -H localhost only) -h,--help,-? this help message --long-output list append the specified comma separated (no spaces) list of attributes to the plugin output on additional lines. Valid attributes are: enddate, startdate, subject, issuer, modulus, serial, hash, email, ocsp_uri and fingerprint. 'all' will include all the available attributes. -i,--issuer issuer pattern to match the issuer of the certificate -n,---cn name pattern to match the CN of the certificate -N,--host-cn match CN with the host name --ocsp check revocation via OCSP -o,--org org pattern to match the organization of the certificate --openssl path path of the openssl binary to be used -p,--port port TCP port -P,--protocol protocol use the specific protocol: http (default) or smtp,pop3,imap,ftp (switch to TLS) -s,--selfsigned allows self-signed certificates -S,--ssl version force SSL version (2,3) -r,--rootcert cert root certificate or directory to be used for certficate validation (passed to openssl's -CAfile or -CApath) -t,--timeout seconds timeout after the specified time (defaults to 15 seconds) --temp dir directory where to store the temporary files --tls1 force TLS version 1 -v,--verbose verbose output -V,--version version -w,--warning days minimum number of days a certificate has to be valid to issue a warning status
DEPRECATED OPTIONS
-d,--days days minimum number of days a certificate has to be valid (see --critical and --warning)
SEE ALSO
x509(1), openssl(1), expect(1), timeout(1)
EXIT STATUS
check_ssl_cert returns a zero exist status if it finds no errors, 1 for warnings, 2 for a critical errors and 3 for unknown problems
BUGS
Please report bugs to: Matteo Corti (matteo (at) corti.li )
AUTHOR
Matteo Corti (matteo (at) corti.li ) See the AUTHORS file for the complete list of contributors