Nagios / Incinga plugin for verifying ssl certificates

#!/usr/bin/php7.3
<?php

function usage()
{
        print "Usage: check_ssl_certificate <FQDN>[:port number] <Warning Threshold> <Critical Threshold>\n";
        die();
}

# Check for parameters

if (!isset($argv))
        usage();

if (count($argv) != 4)
        usage();

list ($null, $hostname, $warning, $critical) = $argv;

$portnumber = 443; // Default

# Did we get a port number?
if (preg_match("/(.+):([0-9]+)/", $hostname, $matches)) # We got a port number
        list ($null, $hostname, $portnumber) = $matches;

# Are the thressholds numeric?
if ((!is_numeric($warning)) or (!is_numeric($critical)))
        usage();

# Fetching certificate
$get = stream_context_create(array("ssl" => array("capture_peer_cert" => TRUE)));
if (!@$read = stream_socket_client("ssl://".$hostname.":".$portnumber, $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $get))
{
        print "CRITICAL: Could not connect to $hostname($portnumber): $errstr.\n";
        die(2);
}


$cert = stream_context_get_params($read);
$validTo = openssl_x509_parse($cert['options']['ssl']['peer_certificate'])["validTo_time_t"];

#calculate difference
$diff = $validTo - time();
$days = floor( $diff / 60 / 60 / 24);

# Report back to nagios
if ($days < $critical)
{
        print "CRITICAL: $hostname expires in $days days.\n";
        die(2);
}
else if ($days < $warning)
{

        print "WARNING: $hostname expires in $days days.\n";
        die(1);
}
else
{
        print "OK: $hostname expires in $days days.\n";
        die(0);
}
Dette indlæg blev udgivet i Nagios, PHP, Uncategorized. Bogmærk permalinket.