check_http (or other check plugin) with SSL certificate chain check needed

Stefan Giesen Stefan.Giesen at firstgate.de
Fri Oct 21 13:12:43 CEST 2005

Previous message: CHECK_NRPE: Socket timeout after 10 seconds.
Next message: check_hpjd gripes. [SOLUTION]
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi all,

the actual check_http plugin is able to check for SSL expiration dates
of SSL certificates. That's fine and it works really great, but we need
to check the certificate chain as well, since our SSL servers are using
Comodo certificates which use an immediate CA certificate.
This CA certificate may change from time to time as well and we want to
make sure that (after a renewal of one of our older certificates or a
after a new installation for new SSL hosts) the new certificate fits to
the Comodo CA certificate which is installed for this IP address. So we
need a patched check_http which does not only check the SSL certificate
expiration date, but the complete certificate chain as well.

I already did some hours of googling and i've found a tool which could
be used to create a passive check for Nagios (and which does complete
SSL certificate checks, it's called "recon", the URL is:
"http://www.brandxdev.net/recon/index.site"), but this tool is written
in Java (which we don't want to run on our monitoring machine or the web
servers), so we sadly can't use this one.

Does anybody know if there is a check_http version/patch (or another
plugin for SSL connections in general) which actually does a SSL
certificate chain check as well (and of course the expiration check)?

I would patch the check_http by myself, but I'm not used to SSL
programming at all. So it would be a lot of work for me to learn SSL
programming first - just to change a simple monitor plugin.

Thanks in advance,
Stefan
-- 
Stefan Giesen, Systemadministration Frankfurt
FIRSTGATE AG, Im MediaPark 5, 50670 Koeln
Telefon: +49 (0) 2 21 / 45 45-745, Telefax: +49 (0) 2 21 / 45 45-710
Internet: www.firstgate.de         eMail: Stefan.Giesen at firstgate.de


-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null

Previous message: CHECK_NRPE: Socket timeout after 10 seconds.
Next message: check_hpjd gripes. [SOLUTION]
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users mailing list