[Pkg-nagios-devel] Bug#761265: check_ssl_cert: include trusted roots by default

Daniel Pocock daniel at pocock.pro
Fri Sep 12 08:35:45 UTC 2014

Package: nagios-plugins-contrib
Version: 4.20120702

In the file /etc/nagios-plugins/config/ssl_cert.cfg the command
definition is:

   /usr/lib/nagios/plugins/check_ssl_cert -H $HOSTADDRESS$ '$ARG1$'

The default should probably include all the roots on a Debian system,
like this:

   /usr/lib/nagios/plugins/check_ssl_cert -r /etc/ssl/certs -H

and it would be nice to add this extra command check too:

# 'check_ssl_cert_by_root' command definition
# ARG2 may be either a root certificate PEM file or a directory of
trusted roots
define command{
    command_name    check_ssl_cert_by_root
    command_line    /usr/lib/nagios/plugins/check_ssl_cert -r $ARG2$ -H

Also consider adding a comment at the top of the file:

# checks SSL/TLS server is listening and using a valid certificate

This will make it more obvious that it checks servers and not just PEM
files on the local disk - "check_ssl_cert" is ambiguous

More information about the Pkg-nagios-devel mailing list