check_x509's Introduction

check_x509

check_x509 is a script to check the validity of various x509 entities. Currently it checks certificates and CRLs for expiration. In the future it'll likely check for valid CA signatures and other things.

check_x509 was written to fit in well with nagios/nrpe and similar monitoring infrastructures, but also to be an easy-to-use command line utility for checking x509 entities as well as for easy use in cron or other scripts.

Usage

Your best bet is to read the POD documentation and the --help option, but the simple invocations are:

check_x509 --certificate /path/to/cert.crt --cert-form PEM --warn 4w \
  --crit 2w -v

Notice the -v option. It's the most useful way to run it interactively, but is too noisy when being used as a plugin to something like Nagios. Another example would be:

check_x509 --crl /path/to/crl.crt --crl-form DER --warn 4w --crit 2w -v

This checks a CRL instead of a certificate.

check_x509 also supports bundles of PEM-encoded certificates or CRLs.

Config file

check_x509's configuration file is YAML. I find YAML to be great for config files because it's a natural way to represent arbitrary hierarchical data. It does take a few minutes to get used to, but the quick version is:

  • key-values are:
      foo: var
  • arrays are:
      - foo
      - var
  • hashes are:
      something:
        foo: bar
        baz: bat

As you can see, nesting is trivial. If you don't understand, don't worry: there is a complete example config file included in the distribution to help you.

check_x509 attempts to be a one-stop shop for checking all X509 entities on a box in one step (if you want it to be). To do that right, check_x509 supports per-entity thresholds.

A note on bundles

check_x509 handles bundles of both certificates and CRLs. This is useful for bundles that Apache, OpenSSL, or other software may need. When handling a bundle, check_x509 will check each entity in it and report on the bundle as a whole. In verbose mode, the expiration for each object in the bundle will be printed, but only the most severe status is actually used.
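
The per-entity thresholds and the "most severe status wins" rule for bundles can be sketched as follows. This is an added example, not check_x509's own code: the function names, the meaning of suffixes such as 4w (taken here as four weeks), the override table and the sample expiry dates are all assumptions made for illustration.

```python
# Added example: not check_x509's code. Duration syntax, names and the
# override table are assumptions; the sample data is constructed.
import re
from datetime import datetime, timedelta, timezone

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3   # Nagios plugin exit codes
NAMES = ["OK", "WARNING", "CRITICAL", "UNKNOWN"]
UNITS = {"h": "hours", "d": "days", "w": "weeks"}

def parse_duration(text):
    """Turn '4w', '14d' or '12h' into a timedelta (assumed syntax)."""
    m = re.fullmatch(r"(\d+)([hdw])", text)
    if not m:
        raise ValueError(f"bad duration: {text!r}")
    return timedelta(**{UNITS[m.group(2)]: int(m.group(1))})

def entity_status(not_after, now, warn, crit):
    """Classify one certificate or CRL by the time left before it expires."""
    remaining = not_after - now
    if remaining <= parse_duration(crit):     # also covers already expired
        return CRITICAL
    if remaining <= parse_duration(warn):
        return WARNING
    return OK

def bundle_status(entities, now, default, overrides=None):
    """Check every entity; the bundle takes the most severe status found."""
    overrides = overrides or {}
    results = []
    for name, not_after in entities:
        warn, crit = overrides.get(name, default)   # per-entity thresholds
        results.append((name, entity_status(not_after, now, warn, crit)))
    # An empty bundle checked nothing, so it must not report OK.
    worst = max((s for _, s in results), default=UNKNOWN)
    return worst, results

# Constructed sample: expiry dates as read from each entity in a bundle
# (for instance with `openssl x509 -noout -enddate`).
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
BUNDLE = [
    ("leaf", NOW + timedelta(days=90)),
    ("intermediate", NOW + timedelta(days=20)),
    ("root", NOW + timedelta(days=3650)),
]

if __name__ == "__main__":
    worst, results = bundle_status(BUNDLE, NOW, ("4w", "2w"))
    for name, status in results:              # per-entity detail
        print(f"{name}: {NAMES[status]}")
    print(f"bundle: {NAMES[worst]}")
    raise SystemExit(worst)
```

With the default 4w/2w thresholds the intermediate certificate, 20 days from expiry, puts the whole bundle into WARNING even though the other two entities are fine.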

check_x509's People

Contributors

jaymzh
