I've done this before, but I don't think I still have the script. If you want to mimic the sslcert column for some random SSL certificate file and send it to Xymon, this:
openssl x509 -noout -in my_server.crt -subject -startdate -enddate -issuer
-dateopt iso_8601 |
sed -e 's/notBefore=/start date: /' -e 's/notAfter=/expire date:/'
gets you a block that looks something like the sslcert column:
subject=CN = My Server Cert start date: 2021-01-05 03:57:33Z expire date:2025-01-05 03:57:33Z issuer=CN = Some Random CA
You can do some date math on the expiry date to determine when it expires, and then construct a message to send to Xymon.
I'll poke around and see if I can dig up my script.
Ralph Mitchell
On Mon, Aug 28, 2023 at 6:47?PM Vernon Everett <everett.vernon at gmail.com> wrote:
Hi all
Haven't been using Xymon for many years, but I now have a small client looking for a lightweight and cost-effective (free) monitoring solution, and Zymon fitted the bill.
Most of the config and setup is coming back to me, but I'm a little stuck on certs. Some certs I can point Xymon directly to the URL, and I get the response I want. Others are (multiple) certs on my Xymon client server, not related to a URL, but used by applications. I cannot remember how we configure those to check for expiration.
Any tips appreciated.
Regards Vernon
--
"Accept the challenges so that you can feel the exhilaration of victory"
- General George Patton
"Don't find fault. Find a remedy"
- Henry Ford
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon