.\" Process this file with
.\" groff -man -Tascii foo.1
.\"
.TH "check_ssl_cert" 1 "October, 2014" "1.17.0" "USER COMMANDS"
.SH NAME
check_ssl_cert \- checks the validity of X.509 certificates
.SH SYNOPSIS
.BR "check_ssl_cert " "-H host [OPTIONS]"
.SH DESCRIPTION
.B check_ssl_cert
A Nagios plugin to check an X.509 certificate:
- checks if the server is running and delivers a valid certificate
- checks if the CA matches a given pattern
- checks the validity
.SH ARGUMENTS
.TP
.BR "-H,--host" " host"
server
.SH OPTIONS
.TP
.BR "-A,--noauth"
ignore authority warnings (only the expiration is checked); a certificate issued by an untrusted authority is then not reported
.TP
.BR " --altnames"
matches the pattern specified in -n with alternate names too
.TP
.BR "-C,--clientcert" " path"
use client certificate to authenticate
.TP
.BR " --clientpass" " phrase"
set passphrase for client certificate. A passphrase given on the command line can be visible to other local users in the process list.
.TP
.BR "-c,--critical" " days"
minimum number of days a certificate has to be valid; a critical status is issued if it is valid for fewer days
.TP
.BR "-e,--email" " address"
pattern to match the email address contained in the certificate
.TP
.BR "-f,--file" " file"
local file path (works with -H localhost only)
.TP
.BR "-h,--help,-?"
this help message
.TP
.BR "--long-output" " list"
append the specified comma separated (no spaces) list of attributes to the plugin output on additional lines.
Valid attributes are: enddate, startdate, subject, issuer, modulus, serial, hash, email, ocsp_uri and fingerprint. 'all' will include all the available attributes.
.TP
.BR "-i,--issuer" " issuer"
pattern to match the issuer of the certificate
.TP
.BR "-n,--cn" " name"
pattern to match the CN of the certificate
.TP
.BR "-N,--host-cn"
match CN with the host name
.TP
.BR "--ocsp"
check revocation via OCSP
.TP
.BR "-o,--org" " org"
pattern to match the organization of the certificate
.TP
.BR " --openssl" " path"
path of the openssl binary to be used
.TP
.BR "-p,--port" " port"
TCP port
.TP
.BR "-P,--protocol" " protocol"
use the specified protocol: http (default) or smtp, pop3, imap, ftp (switch to TLS)
.TP
.BR "-s,--selfsigned"
allows self-signed certificates
.TP
.BR "-S,--ssl" " version"
force SSL version (2,3); both protocol versions are obsolete and considered insecure
.TP
.BR "-r,--rootcert" " cert"
root certificate or directory to be used for certificate validation (passed to openssl's -CAfile or -CApath)
.TP
.BR "-t,--timeout"
time out after the specified number of seconds (defaults to 15 seconds)
.TP
.BR "--temp" " dir"
directory where to store the temporary files
.TP
.BR "--tls1"
force TLS version 1
.TP
.BR "-v,--verbose"
verbose output
.TP
.BR "-V,--version"
version
.TP
.BR "-w,--warning" " days"
minimum number of days a certificate has to be valid; a warning status is issued if it is valid for fewer days
.SH DEPRECATED OPTIONS
.TP
.BR "-d,--days" " days"
minimum number of days a certificate has to be valid (see --critical and --warning)
.SH "SEE ALSO"
x509(1), openssl(1), expect(1), timeout(1)
.SH "EXIT STATUS"
check_ssl_cert returns a zero exit status if it finds no errors, 1 for warnings, 2 for critical errors and 3 for unknown problems
.SH BUGS
Please report bugs to: Matteo Corti (matteo.corti (at) id.ethz.ch)
.SH AUTHOR
Matteo Corti (matteo.corti (at) id.ethz.ch)
See the AUTHORS file for the complete list of contributors