See www.zabbix.com for the official Zabbix site.

Docs/howto/ssl certificate check

From Zabbix.org
Jump to: navigation, search

This is originally based on http://aperto.fr/cms/en/blog/15-blog-en/15-ssl-certificate-expiration-monitoring-with-zabbix.html with modifications to the script and template by racooper@tamu.edu.

Switches have been added to the script to check both days until expiration and the certificate issuing authority.

File:Zext ssl cert.sh

usage: zext_ssl_cert.sh [-i|-d] hostname port sni"
       -i Show Issuer"
       -d Show valid days remaining"

The exported template below includes triggers for 90, 60, 30, 15, 7 days, and Expired certificate. Macros are defined in the template for SSL_PORT and SNI. There is also basic HTTPS down check and trigger. There are no triggers for the issuer check.

The basic HTTPS check fires every 90 seconds. Issuer and validity check every 6 hours (21600 seconds).

File:Zbx export templates.xml


You can also find an alternative in Python here: https://gist.github.com/crashdump/5683952

 - Configure ExternalScripts variable in zabbix_server.conf,
 - Drop the script in the "external script" folder (usually /etc/zabbix/externalscripts/)
 - Import the template & assign it to your host.
 - Watch the incoming data !

The script can also be used outside Zabbix:

usage: check-ssl-expire.py [-h] [-p PORT] host

positional arguments:
  host                  specify an host to connect to

optional arguments:
  -h, --help            show this help message and exit
  -p PORT, --port PORT  specify a port to connect to

Example:

# ./check-ssl-expire.py www.zabbix.com
942