check_ssl_cert – Nagios plugin to check X.509 certificates.

check_ssl_cert is a Nagios plugin to check X.509 certificates. It checks if the server is running and delivers a valid certificate. It also checks if the CA matches a given pattern, and checks the validity.Release Notes v1.14.0: The status now includes performance data in days until expiration (requires Perl with Date::Parse). It is now possible to print additional information in the plugin’s long output (multi-line, Nagios 3 only)

Usage: check_ssl_cert -H host [OPTIONS]

-H,–host host         server

-A,–noauth            ignore authority warnings (expiration only)
–altnames          matches the pattern specified in -n with alternate names too
-C,–clientcert path   use client certificate to authenticate
–clientpass phrase set passphrase for client certificate
-c,–critical days     minimum number of days a certificate has to be valid
to issue a critical status
-e,–email address     pattern to match the email address contained in the
-f,–file file         local file path (works with -H localhost only)
-h,–help,-?           this help message
-i,–issuer issuer     pattern to match the issuer of the certificate
–long-output list  append the specified comma separated (no spaces) list
of attributes to the plugin output on additiona lines.
Valid attributes are:
enddate, startdate, subject, issuer, modulus, serial,
hash, email, ocsp_uri and fingerprint.
‘all’ will include all the available attributes.
-n,—cn name          pattern to match the CN of the certificate
-N,–host-cn           match CN with the host name
-o,–org org           pattern to match the organization of the certificate
–openssl path      path of the openssl binary to be used
-p,–port port         TCP port
-P,–protocol protocol use the specific protocol {http|smtp|pop3|imap|ftp}
http:               default
smtp,pop3,imap,ftp: switch to TLS
-s,–selfsigned        allows self-signed certificates
-r,–rootcert path     root certificate or directory to be used for
certficate validation
-t,–timeout           seconds timeout after the specified time
(defaults to 15 seconds)
–temp dir          directory where to store the temporary files
-v,–verbose           verbose output
-V,–version           version
-w,–warning days      minimum number of days a certificate has to be valid
to issue a warning status

Deprecated options:
-d,–days days         minimum number of days a certificate has to be valid
(see –critical and –warning)

Download : check_ssl_cert-1.14.0.tar.gz
Read more in here :