From 4041f7a5291cbcd65b99a622e0750cf468cab13e Mon Sep 17 00:00:00 2001
From: Alexander Gabriel <alexander.gabriel@digital-infinity.de>
Date: Thu, 16 Jan 2025 21:01:05 +0100
Subject: [PATCH] first version with startls as option

---
 check_cert_runtime_local.sh | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 check_cert_runtime_local.sh

diff --git a/check_cert_runtime_local.sh b/check_cert_runtime_local.sh
new file mode 100644
index 0000000..aabadbc
--- /dev/null
+++ b/check_cert_runtime_local.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+# checks certificate runtime of host locally f.e. if checkmk server cannot access monitored hosts ports directy (dmz, behind proxy, etc.)
+# Copy this to /usr/lib/check_mk_agent/local and adjust hostname and port
+# depending on service you need to set 'startls="-starttls xyz"'
+# smtp on port 25: -starttls smtp
+# ftp on port 21: -starttls ftp
+# imap on port 143: -starttls imap
+# pop3 on port 110: -starttls pop3
+# more see openssl documentation
+
+hostname=$(hostname -f)
+port=993
+starttls=
+certificate_file=$(mktemp)
+echo -n | openssl s_client -servername "$hostname" -connect "$hostname":$port $starttls 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > $certificate_file
+date=$(openssl x509 -in $certificate_file -enddate -noout | sed "s/.*=\(.*\)/\1/")
+date_s=$(date -d "${date}" +%s)
+now_s=$(date -d now +%s)
+date_diff=$(( (date_s - now_s) / 86400 ))
+
+echo 'P "'$hostname':'$port' Cert-Runtime" days=-'$date_diff';-15;-10 Certificate of Service on '$hostname' Port '$port' expires in '$date_diff' days'