selivan / Https Ssl Cert Check Zabbix
Licence: other
Script to check validity and expiration of TLS/SSL certificate on site. May be used with Zabbix or standalone.
Stars: ✭ 162
Programming Languages
shell
77523 projects
Labels
Projects that are alternatives of or similar to Https Ssl Cert Check Zabbix
Docker Openldap
Docker OpenLDAP Container w/TLS & Replication Support S6 Overlay, and Zabbix Monitoring based on Alpine
Stars: ✭ 74 (-54.32%)
Mutual labels: zabbix, ssl, tls
Tlslite Ng
TLS implementation in pure python, focused on interoperability testing
Stars: ✭ 119 (-26.54%)
Mutual labels: ssl, tls
React Native Tcp Socket
React Native TCP socket API for Android, iOS & macOS with client SSL/TLS support
Stars: ✭ 112 (-30.86%)
Mutual labels: ssl, tls
Tls Channel
A Java library that implements a ByteChannel interface over SSLEngine, enabling easy-to-use (socket-like) TLS for Java applications.
Stars: ✭ 113 (-30.25%)
Mutual labels: ssl, tls
Icinga2
Icinga is a monitoring system which checks
the availability of your network resources, notifies users of outages, and generates
performance data for reporting.
Stars: ✭ 1,670 (+930.86%)
Mutual labels: monitoring, tls
Pyora
Python script to monitor Oracle Databases
Stars: ✭ 96 (-40.74%)
Mutual labels: monitoring, zabbix
Libleakmydata
A simple LD_PRELOAD library to disable SSL certificate verification. Inspired by libeatmydata.
Stars: ✭ 132 (-18.52%)
Mutual labels: ssl, tls
Atls
A light TLS implementation used for learning: TLS 1.0 TLS 1.1 TLS 1.2 TLS 1.3 GMSSL 1.1(国密SSL) based on libcrypto.so.
Stars: ✭ 134 (-17.28%)
Mutual labels: ssl, tls
Aspnetcorecertificates
Certificate Manager in .NET Core for creating and using X509 certificates
Stars: ✭ 135 (-16.67%)
Mutual labels: ssl, tls
Zabbix
Real-time monitoring of IT components and services, such as networks, servers, VMs, applications and the cloud.
Stars: ✭ 1,914 (+1081.48%)
Mutual labels: monitoring, zabbix
Certstrap
Tools to bootstrap CAs, certificate requests, and signed certificates.
Stars: ✭ 1,689 (+942.59%)
Mutual labels: ssl, tls
Search Guard Ssl
Elasticsearch SSL for free. Supports native Open SSL.
Stars: ✭ 159 (-1.85%)
Mutual labels: ssl, tls
Php Hyper Builtin Server
Reverse proxy for PHP built-in server which supports multiprocessing and TLS/SSL encryption
Stars: ✭ 93 (-42.59%)
Mutual labels: ssl, tls
Ssl Checker
Python script that collects SSL/TLS information from hosts
Stars: ✭ 94 (-41.98%)
Mutual labels: ssl, tls
Grafana Zabbix
Zabbix plugin for Grafana dashboard
Stars: ✭ 1,716 (+959.26%)
Mutual labels: monitoring, zabbix
Script to check validity and expiration of TLS/SSL certificate on remote host. Supports TLS SNI and STARTTLS for protocols like SMTP.
May be used standalone or with Zabbix. See example of integration in userparameters_ssl_cert_check.conf and zabbix manual about user parameters.
Usage
ssl_cert_check.sh valid|expire <hostname or IP> [port[/starttls protocol]] [domain for TLS SNI] [check timeout (seconds)]
-
[port]optional, default is 443 -
[starttls protocol]optional, use protocol-specific message to switch to TLS communication. Seeman s_clientoption-starttlsfor supported protocols, likesmtp,ftp,ldap. -
[domain for TLS SNI]optional, default is<hostname or IP>.
SNI(Server Name Indication) is used to specify certificate domain name if it differs from the hostname. -
[check timeout (seconds)]optional, default is 5 seconds
Return values
-
1|0for validity check: 1 - valid, 0 - invalid, expired or unavailable -
Nnumber of days left for expiration check. Zero or negative value means certificate is expired -
-65535site was unavailable for expiration check or incorrect script parameters
Exit code is always 0, otherwise zabbix agent fails to get item value and triggers would not work.
If the script is running without terminal(from zabbix), error messages are not printed, only exit code. The reason is that zabbix merges stdout and strerr to get item value.
Examples
[email protected]:~$ ./ssl_cert_check.sh valid valid.example.com
1
[email protected]:~$ ./ssl_cert_check.sh valid imap.valid.example.com 993
1
# SMTP on port 25 with STARTTLS to switch to TLS communication
[email protected]:~$ ./ssl_cert_check.sh valid smtp.valid.example.com 25/smtp
1
[email protected]:~$ ./ssl_cert_check.sh valid invalid.example.com
0
# Expired certificate is not valid
[email protected]:~$ ./ssl_cert_check.sh valid expired.example.com
0
[email protected]:~$ ./ssl_cert_check.sh expire effective-next-90-days.example.com
90
[email protected]:~$ ./ssl_cert_check.sh expire expired-37-days-ago.example.com
-37
# NOTE: an error message is shown to stderr only when running on a terminal
# Without terminal(from zabbix), only the result is printed to stdout
[email protected]:~$ ./ssl_cert_check.sh expire unavailable.example.com
-65535
ERROR: Failed to get certificate
# Check 127.0.0.1:443 for a valid certificate for example.com
# TLS SNI(Server Name Indication) is set to example.com
[email protected]:~$ ./ssl_cert_check.sh valid 127.0.0.1 443 example.com
1
# Check 127.0.0.1:443 for a valid certificate for example.com
# TLS SNI(Server Name Indication) is set to example.com
# Check timeout is 10 seconds(default is 5)
[email protected]:~$ ./ssl_cert_check.sh valid 127.0.0.1 443 example.com 10
1
Using with busybox, like Alpine-based Docker images
Busybox date can not parse date format from openssl. If you are using the script in busybox, for example in Alpine-based Docker images, install coreutils and bash packages.
P.S. If this code is useful for you - don't forget to put a star on it's github repo.
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].