[Xymon] SSL/TLS cert monitoring

Ralph M ralphmitchell at gmail.com
Tue Aug 29 04:18:41 CEST 2023


I've done this before, but I don't think I still have the script.  If you
want to mimic the sslcert column for some random SSL certificate file and
send it to Xymon, this:

openssl x509 -noout -in my_server.crt -subject -startdate -enddate -issuer
-dateopt iso_8601 |  \
     sed -e 's/notBefore=/start date: /' -e 's/notAfter=/expire date:/'

gets you a block that looks something like the sslcert column:

subject=CN = My Server Cert
start date: 2021-01-05 03:57:33Z
expire date:2025-01-05 03:57:33Z
issuer=CN = Some Random CA

You can do some date math on the expiry date to determine when it expires,
and then construct a message to send to Xymon.

I'll poke around and see if I can dig up my script.

Ralph Mitchell



On Mon, Aug 28, 2023 at 6:47 PM Vernon Everett <everett.vernon at gmail.com>
wrote:

> Hi all
>
> Haven't been using Xymon for many years, but I now have a small client
> looking for a lightweight and cost-effective (free) monitoring solution,
> and Zymon fitted the bill.
>
> Most of the config and setup is coming back to me, but I'm a little stuck
> on certs.
> Some certs I can point Xymon directly to the URL, and I get the response I
> want.
> Others are (multiple) certs on my Xymon client server, not related to a
> URL, but used by applications.
> I cannot remember how we configure those to check for expiration.
>
> Any tips appreciated.
>
> Regards
> Vernon
>
> --
>
> "Accept the challenges so that you can feel the exhilaration of victory"
> - General George Patton
>
> "Don't find fault. Find a remedy"
> - Henry Ford
> _______________________________________________
> Xymon mailing list
> Xymon at xymon.com
> http://lists.xymon.com/mailman/listinfo/xymon
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20230828/c63f5775/attachment.htm>


More information about the Xymon mailing list