[Xymon] SSL/TLS cert monitoring

Vernon Everett everett.vernon at gmail.com
Wed Aug 30 05:31:32 CEST 2023 

Hi all

Appreciate the responses, but I have more than 1 problem I am trying to
solve.
1. I need to monitor the certs on a few web sites. That's pretty easy, and
works out of the box.
2. I need to monitor the certs on a few web sites that are only reachable
through the proxy. Not sure how to do that.
3. I have a few certs local to my client that I need to keep an eye on too.
But these are used by applications, and are not related to a web page, so
effectively I need to to keep tabs on /foo/bar/cert

Was looking for some guidance on 2.
And a magic bullet for 3. :-D

I could code something up to do item 3, but I was really hoping there would
already be something that somebody could share.
I used to code Xymon tests for breakfast back when The Dead Sea was only
Somewhat Unwell. See here. https://wiki.xymonton.org/doku.php/monitors
But I am a bit rusty these days, and thought I'd lean on the community a
little.

If I can't, I guess it's back to coding again. :-)

Regards
Vernon






On Wed, 30 Aug 2023 at 02:48, Josh Luthman <josh at imaginenetworksllc.com>
wrote:

> Little more on this...
>
> 35.171.79.170   host.foo.com # https://host.foo.com ssldays=22:15 #22 day
> warn with 15 day red
>
> On Tue, Aug 29, 2023 at 10:39 AM Dito <dito74 at gmail.com> wrote:
>
>> I do the same (add https site to monitor), and the sslcert test populates
>> itself, 2 weeks before expiration it goes yellow and 2-3 days before, it
>> goes red.
>>
>>  SSL certificate for https://xxxxxxxxxxxxxx/ expires in 547 days
>>
>>
>> Server certificate:
>> 	xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.com
>> 	start date: 2023-02-27 17:04:27 GMT
>> 	expire date:2025-02-26 17:04:27 GMT
>> 	key size:4096
>> 	issuer:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>> 	signature algorithm: sha256WithRSAEncryption
>>
>> Cipher used: ECDHE-RSA-AES256-GCM-SHA384 (256 bits)
>>
>>
>> Gab
>>
>>
>> On Mon, Aug 28, 2023 at 10:12 PM IO Support <support at ionetworkadmin.com>
>> wrote:
>>
>>> I just add the https://namehere.com test into my hosts.cfg file and it
>>> tests the http status and auto populates an sslcert column that shows the
>>> https info you're looking for.
>>>
>>> Sample line:
>>> 0.0.0.0    WebPage.com   # https://webpage.com
>>>
>>> Thank You,
>>> Kris Springer
>>> Systems Admin
>>> I/O Network Administrationsupport at ionetworkadmin.comhttps://www.ionetworkadmin.com
>>>
>>>  On 8/28/23 16:46, Vernon Everett wrote:
>>>
>>> Hi all
>>>
>>> Haven't been using Xymon for many years, but I now have a small client
>>> looking for a lightweight and cost-effective (free) monitoring solution,
>>> and Zymon fitted the bill.
>>>
>>> Most of the config and setup is coming back to me, but I'm a little
>>> stuck on certs.
>>> Some certs I can point Xymon directly to the URL, and I get the response
>>> I want.
>>> Others are (multiple) certs on my Xymon client server, not related to a
>>> URL, but used by applications.
>>> I cannot remember how we configure those to check for expiration.
>>>
>>> Any tips appreciated.
>>>
>>> Regards
>>> Vernon
>>>
>>> --
>>>
>>> "Accept the challenges so that you can feel the exhilaration of victory"
>>> - General George Patton
>>>
>>> "Don't find fault. Find a remedy"
>>> - Henry Ford
>>>
>>> _______________________________________________
>>> Xymon mailing listXymon at xymon.comhttp://lists.xymon.com/mailman/listinfo/xymon
>>>
>>>
>>> _______________________________________________
>>> Xymon mailing list
>>> Xymon at xymon.com
>>> http://lists.xymon.com/mailman/listinfo/xymon
>>>
>> _______________________________________________
>> Xymon mailing list
>> Xymon at xymon.com
>> http://lists.xymon.com/mailman/listinfo/xymon
>>
> _______________________________________________
> Xymon mailing list
> Xymon at xymon.com
> http://lists.xymon.com/mailman/listinfo/xymon
>


-- 

"Accept the challenges so that you can feel the exhilaration of victory"
- General George Patton

"Don't find fault. Find a remedy"
- Henry Ford
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20230830/6c7430e1/attachment.htm>

More information about the Xymon mailing list