[Pkg-nagios-devel] Bug#761265: check_ssl_cert: include trusted roots by default
Daniel Pocock
daniel at pocock.pro
Fri Sep 12 08:35:45 UTC 2014
Package: nagios-plugins-contrib
Version: 4.20120702
In the file /etc/nagios-plugins/config/ssl_cert.cfg the command
definition is:
/usr/lib/nagios/plugins/check_ssl_cert -H $HOSTADDRESS$ '$ARG1$'
The default should probably include all the roots on a Debian system,
like this:
/usr/lib/nagios/plugins/check_ssl_cert -r /etc/ssl/certs -H
$HOSTADDRESS$ '$ARG1$'
and it would be nice to add this extra command check too:
# 'check_ssl_cert_by_root' command definition
# ARG2 may be either a root certificate PEM file or a directory of
trusted roots
define command{
command_name check_ssl_cert_by_root
command_line /usr/lib/nagios/plugins/check_ssl_cert -r $ARG2$ -H
$HOSTADDRESS$ '$ARG1$'
}
Also consider adding a comment at the top of the file:
# checks SSL/TLS server is listening and using a valid certificate
This will make it more obvious that it checks servers and not just PEM
files on the local disk - "check_ssl_cert" is ambiguous
More information about the Pkg-nagios-devel
mailing list