Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

check_ssl_cert(1) [debian man page]

check_ssl_cert(1)						   USER COMMANDS						 check_ssl_cert(1)

NAME

       check_ssl_cert - checks the validity of X.509 certificates

SYNOPSIS

       check_ssl_cert -H host [OPTIONS]

DESCRIPTION

       check_ssl_cert A Nagios plugin to check an X.509 certificate:
	- checks if the server is running and delivers a valid certificate
	- checks if the CA matches a given pattern
	- checks the validity

ARGUMENTS

       -H,--host host
	      server

OPTIONS

       -A,--noauth
	      ignore authority warnings (expiration only)

	  --altnames
	      matches the pattern specified in -n with alternate names too

       -C,--clientcert path
	      use client certificate to authenticate

	  --clientpass phrase
	      set passphrase for client certificate.

       -c,--critical days
	      minimum number of days a certificate has to be valid to issue a critical status

       -e,--email address
	      pattern to match the email address contained in the certificate

       -f,--file file
	      local file path (works with -H localhost only)

       -h,--help,-?
	      this help message

       -i,--issuer issuer
	      pattern to match the issuer of the certificate

       -n,---cn name
	      pattern to match the CN of the certificate

       -N,--host-cn
	      match CN with the host name

       -o,--org org
	      pattern to match the organization of the certificate

	  --openssl path
	      path of the openssl binary to be used

       -p,--port port
	      TCP port

       -P,--protocol protocol
	      use the specific protocol: http (default) or smtp,pop3,imap,ftp (switch to TLS)

       -s,--selfsigned
	      allows self-signed certificates

       -r,--rootcert cert
	      root certificate or directory to be used for certficate validation (passed to openssl's -CAfile or -CApath)

       -t,--timeout
	      seconds timeout after the specified time (defaults to 15 seconds)

       --temp dir
	      directory where to store the temporary files

       -v,--verbose
	      verbose output

       -V,--version
	      version

       -w,--warning days
	      minimum number of days a certificate has to be valid to issue a warning status

DEPRECATED OPTIONS

       -d,--days days
	      minimum number of days a certificate has to be valid (see --critical and --warning)

SEE ALSO

       x509(1), openssl(1), expect(1)

EXIT STATUS

       check_ssl_cert returns a zero exist status if it finds no errors, 1 for warnings, 2 for a critical errors and 3 for unknown problems

BUGS

       Please report bugs to: Matteo Corti (matteo.corti (at) id.ethz.ch)

AUTHOR

       Matteo Corti (matteo.corti (at) id.ethz.ch) See the AUTHORS file for the complete list of contributors

1.13.0								    April, 2012 						 check_ssl_cert(1)

Check Out this Related Man Page

x509(3openssl)							      OpenSSL							    x509(3openssl)

NAME

       x509 - X.509 certificate handling

SYNOPSIS

	#include <openssl/x509.h>

DESCRIPTION

       A X.509 certificate is a structured grouping of information about an individual, a device, or anything one can imagine.	A X.509 CRL (cer-
       tificate revocation list) is a tool to help determine if a certificate is still valid.  The exact definition of those can be found in the
       X.509 document from ITU-T, or in RFC3280 from PKIX.  In OpenSSL, the type X509 is used to express such a certificate, and the type X509_CRL
       is used to express a CRL.

       A related structure is a certificate request, defined in PKCS#10 from RSA Security, Inc, also reflected in RFC2896.  In OpenSSL, the type
       X509_REQ is used to express such a certificate request.

       To handle some complex parts of a certificate, there are the types X509_NAME (to express a certificate name), X509_ATTRIBUTE (to express a
       certificate attributes), X509_EXTENSION (to express a certificate extension) and a few more.

       Finally, there's the supertype X509_INFO, which can contain a CRL, a certificate and a corresponding private key.

       X509_..., d2i_X509_... and i2d_X509_... handle X.509 certificates, with some exceptions, shown below.

       X509_CRL_..., d2i_X509_CRL_... and i2d_X509_CRL_...  handle X.509 CRLs.

       X509_REQ_..., d2i_X509_REQ_... and i2d_X509_REQ_...  handle PKCS#10 certificate requests.

       X509_NAME_... handle certificate names.

       X509_ATTRIBUTE_... handle certificate attributes.

       X509_EXTENSION_... handle certificate extensions.

SEE ALSO

       X509_NAME_ENTRY_get_object(3), X509_NAME_add_entry_by_txt(3), X509_NAME_add_entry_by_NID(3), X509_NAME_print_ex(3), X509_NAME_new(3),
       d2i_X509(3), d2i_X509_ALGOR(3), d2i_X509_CRL(3), d2i_X509_NAME(3), d2i_X509_REQ(3), d2i_X509_SIG(3), crypto(3), x509v3(3)

OpenSSL-0.9.8							    Oct 11 2005 						    x509(3openssl)
Man Page