Monitoring SNI SSL Certificate Expiration with Nagios
Nagios' plugin check_http can also be used to verify the validity/expiration of an SSL certificate.
However if your webserver uses SNI (multiple SSL certificates on the same IP address), you have to use the --sni
switch. Otherwise information for the wrong (default) SSL certitificate will be shown:
./check_http -H reddit.com -S -C 30,14
OK - Certificate 'notreddit.com' will expire on Thu May 29 00:59:00 2014.
Note the wrong certificate common name.
For SNI enabled webservers, the switch --sni
is a must:
./check_http -H reddit.com -S --sni -C 30,14
OK - Certificate 'reddit.com' will expire on Thu Apr 23 00:59:00 2015.