LoginHelp/GuideAbout TracPreferences
WikiTimelineRoadmapBrowse SourceView TicketsNew TicketSearchDownloads


check_ssl_cert is a Nagios plugin to check the CA and validity of an X.509 certificate

see the INSTALL file for installation instructions


Usage: check_ssl_cert -H host [OPTIONS]

   -H,--host host         server

   -A,--noauth            ignore authority warnings (expiration only)
      --altnames          matches the pattern specified in -n with alternate names too
   -C,--clientcert path   use client certificate to authenticate
      --clientpass phrase set passphrase for client certificate
   -c,--critical days     minimum number of days a certificate has to be valid
                          to issue a critical status
   -e,--email address     pattern to match the email address contained in the
   -f,--file file         local file path (works with -H localhost only)
   -h,--help,-?           this help message
   -i,--issuer issuer     pattern to match the issuer of the certificate
      --long-output list  append the specified comma separated (no spaces) list
                          of attributes to the plugin output on additional lines.
                          Valid attributes are:
                            enddate, startdate, subject, issuer, modulus, serial,
                            hash, email, ocsp_uri and fingerprint.
                          'all' will include all the available attributes.
   -n,---cn name          pattern to match the CN of the certificate
   -N,--host-cn           match CN with the host name
      --ocsp              check revocation via OCSP
   -o,--org org           pattern to match the organization of the certificate
      --openssl path      path of the openssl binary to be used
   -p,--port port         TCP port
   -P,--protocol protocol use the specific protocol {http|smtp|pop3|imap|ftp|xmpp}
                          http:               default
                          smtp,pop3,imap,ftp: switch to TLS
   -s,--selfsigned        allows self-signed certificates
   -S,--ssl version       force SSL version (2,3)
   -r,--rootcert path     root certificate or directory to be used for
                          certficate validation
   -t,--timeout           seconds timeout after the specified time
                          (defaults to 15 seconds)
      --temp dir          directory where to store the temporary files
      --tls1              force TLS version 1
   -v,--verbose           verbose output
   -V,--version           version
   -w,--warning days      minimum number of days a certificate has to be valid
                          to issue a warning status

Deprecated options:
   -d,--days days         minimum number of days a certificate has to be valid
                          (see --critical and --warning)


Problems and suggestions


Wichtiger Hinweis:
Diese Website wird in älteren Versionen von Netscape ohne graphische Elemente dargestellt. Die Funktionalität der Website ist aber trotzdem gewährleistet. Wenn Sie diese Website regelmässig benutzen, empfehlen wir Ihnen, auf Ihrem Computer einen aktuellen Browser zu installieren. Weitere Informationen finden Sie auf
folgender Seite.

Important Note:
The content in this site is accessible to any browser or Internet device, however, some graphics will display correctly only in the newer versions of Netscape. To get the most out of our site we suggest you upgrade to the newer browser.
More information

© 2005 ETH Zürich | Imprint | 26.09.2007 | Version 0.12