first version with startls as option

2025-01-16 21:01:05 +01:00 · 2025-01-16 21:01:05 +01:00 · 4041f7a529
commit 4041f7a529
1 changed files with 22 additions and 0 deletions
--- a/check_cert_runtime_local.sh
+++ b/check_cert_runtime_local.sh
@ -0,0 +1,22 @@
+#!/bin/bash
+
+# checks certificate runtime of host locally f.e. if checkmk server cannot access monitored hosts ports directy (dmz, behind proxy, etc.)
+# Copy this to /usr/lib/check_mk_agent/local and adjust hostname and port
+# depending on service you need to set 'startls="-starttls xyz"'
+# smtp on port 25: -starttls smtp
+# ftp on port 21: -starttls ftp
+# imap on port 143: -starttls imap
+# pop3 on port 110: -starttls pop3
+# more see openssl documentation
+
+hostname=$(hostname -f)
+port=993
+starttls=
+certificate_file=$(mktemp)
+echo -n | openssl s_client -servername "$hostname" -connect "$hostname":$port $starttls 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > $certificate_file
+date=$(openssl x509 -in $certificate_file -enddate -noout | sed "s/.*=\(.*\)/\1/")
+date_s=$(date -d "${date}" +%s)
+now_s=$(date -d now +%s)
+date_diff=$(( (date_s - now_s) / 86400 ))
+
+echo 'P "'$hostname':'$port' Cert-Runtime" days=-'$date_diff';-15;-10 Certificate of Service on '$hostname' Port '$port' expires in '$date_diff' days'