debian man page for check_ssl_cert

Debian Man Pages All Man Pages Latest Topics Forum Categories

Query: check_ssl_cert

OS: debian

Section: 1

Format: Original Unix Latex Style Formatted with HTML and a Horizontal Scroll Bar

check_ssl_cert(1)						   USER COMMANDS						 check_ssl_cert(1)


NAME

       check_ssl_cert - checks the validity of X.509 certificates


SYNOPSIS

       check_ssl_cert -H host [OPTIONS]


DESCRIPTION

       check_ssl_cert A Nagios plugin to check an X.509 certificate:
	- checks if the server is running and delivers a valid certificate
	- checks if the CA matches a given pattern
	- checks the validity


ARGUMENTS

       -H,--host host
	      server


OPTIONS

       -A,--noauth
	      ignore authority warnings (expiration only)

	  --altnames
	      matches the pattern specified in -n with alternate names too

       -C,--clientcert path
	      use client certificate to authenticate

	  --clientpass phrase
	      set passphrase for client certificate.

       -c,--critical days
	      minimum number of days a certificate has to be valid to issue a critical status

       -e,--email address
	      pattern to match the email address contained in the certificate

       -f,--file file
	      local file path (works with -H localhost only)

       -h,--help,-?
	      this help message

       -i,--issuer issuer
	      pattern to match the issuer of the certificate

       -n,---cn name
	      pattern to match the CN of the certificate

       -N,--host-cn
	      match CN with the host name

       -o,--org org
	      pattern to match the organization of the certificate

	  --openssl path
	      path of the openssl binary to be used

       -p,--port port
	      TCP port

       -P,--protocol protocol
	      use the specific protocol: http (default) or smtp,pop3,imap,ftp (switch to TLS)

       -s,--selfsigned
	      allows self-signed certificates

       -r,--rootcert cert
	      root certificate or directory to be used for certficate validation (passed to openssl's -CAfile or -CApath)

       -t,--timeout
	      seconds timeout after the specified time (defaults to 15 seconds)

       --temp dir
	      directory where to store the temporary files

       -v,--verbose
	      verbose output

       -V,--version
	      version

       -w,--warning days
	      minimum number of days a certificate has to be valid to issue a warning status


DEPRECATED OPTIONS

       -d,--days days
	      minimum number of days a certificate has to be valid (see --critical and --warning)


SEE ALSO

       x509(1), openssl(1), expect(1)


EXIT STATUS

       check_ssl_cert returns a zero exist status if it finds no errors, 1 for warnings, 2 for a critical errors and 3 for unknown problems


BUGS

       Please report bugs to: Matteo Corti (matteo.corti (at) id.ethz.ch)


AUTHOR

       Matteo Corti (matteo.corti (at) id.ethz.ch) See the AUTHORS file for the complete list of contributors

1.13.0								    April, 2012 						 check_ssl_cert(1)
Related Man Pages
genkey(1) - centos
x509(3openssl) - opensolaris
ssl_ctx_load_verify_locations(3) - netbsd
ssl_ctx_load_verify_locations(3) - osx
puppetca(8) - centos
Similar Topics in the Unix Linux Community
check_ssl_cert 1.2.2 (Default branch)
mod_ssl redirect to site if client does not have valid certificate
Empty LDAP client file
Slackware: openssl
Perl script that checks against Future time