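#!/bin/bash
#
# TLS certificate check for a single HTTPS URL.
#
# Usage:   <script> -u https://host[:port][/path]
# Output:  one status line on stdout, prefixed OK / WARNING / CRITICAL / UNKNOWN.
# Exit:    0 = OK, 1 = WARNING, 2 = CRITICAL, 3 = UNKNOWN (Nagios plugin convention).

# Start from a known-empty value so a variable named "url" that happens to be
# exported in the caller's environment can never stand in for a missing -u.
url=""

# Leading ':' in the optstring puts getopts in silent mode, so the two error
# arms below produce the diagnostics instead of getopts itself.
while getopts ":u:" opt; do
  case "$opt" in
    u)
      url="$OPTARG"
      ;;
    \?)
      echo "Invalid option: -$OPTARG" >&2
      exit 3
      ;;
    :)
      echo "Option -$OPTARG requires an argument." >&2
      exit 3
      ;;
  esac
done

# Without a target there is nothing to check; report UNKNOWN rather than OK.
if [[ -z "$url" ]]; then
  echo "UNKNOWN - URL not specified. Use the -u option to provide a URL."
  exit 3
fi
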
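# Check if the URL starts with "https://"
# Anything else (http://, bare hostnames, option-like strings) is rejected
# before the value is handed to curl or openssl.
if [[ "$url" != "https://"* ]]; then
  echo "UNKNOWN - Invalid URL. The URL must start with 'https://'."
  exit 3
fi

# Extract the hostname and port from the URL
# Splitting the whole URL on '/' and ':' mistakes the first path segment for
# the port when no port is given (https://host/path), so isolate the
# authority component first and split only that.
authority=${url#https://}        # drop the scheme
authority=${authority%%[/?#]*}   # drop path, query and fragment
authority=${authority##*@}       # drop any user:password@ prefix

if [[ "$authority" == "["*"]"* ]]; then
  # Bracketed IPv6 literal: keep the brackets so "$hostname:$port" stays an
  # unambiguous host:port pair for the later connect.
  hostname="${authority%%]*}]"
  port=${authority#*]}
  port=${port#:}
elif [[ "$authority" == *:* ]]; then
  hostname=${authority%%:*}
  port=${authority##*:}
else
  hostname=$authority
  port=""
fi

# Default HTTPS port when the URL does not name one.
if [[ -z "$port" ]]; then
  port=443
fi

# Fail closed on anything that does not look like host + numeric port instead
# of passing a malformed target on to openssl.
if [[ -z "$hostname" || ! "$port" =~ ^[0-9]+$ ]]; then
  echo "UNKNOWN - Could not determine host and port from $url"
  exit 3
fi
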
# Check SSL certificate validity
# The trust decision is curl's: no -k/--insecure is passed, so the request
# fails unless the certificate chain and hostname verify against curl's CA
# store. -I sends a HEAD request, -sS hides the progress meter but keeps error
# text, and --stderr - folds that text into the captured output.
# HTTP status codes are not inspected here; only curl's own exit code is.
# NOTE(review): no --connect-timeout/--max-time is set, so an unresponsive
# host blocks until the caller's own timeout fires.
ssl_output=$(curl -sSI --stderr - "$url" 2>&1)
curl_exit_code=$?

if (( curl_exit_code != 0 )); then
  # Map the curl exit codes this check cares about to a readable reason;
  # everything else is reported with the raw code.
  case "$curl_exit_code" in
    6)  MSG="Could not resolve host for $url" ;;
    7)  MSG="Failed to connect to $url" ;;
    35) MSG="SSL connect error for $url" ;;
    51) MSG="SSL certificate verification failed for $url" ;;
    60) MSG="SSL certificate cannot be authenticated with known CA certificates for $url" ;;
    *)  MSG="curl request failed with exit code $curl_exit_code for $url" ;;
  esac

  # Any transport or TLS failure is treated as CRITICAL.
  echo "CRITICAL - $MSG"
  exit 2
fi

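# Check SSL certificate expiration date
# s_client is used only to fetch the certificate the server presents (with SNI
# set to the host); it does not make the trust decision, which was left to the
# curl request earlier in this script. stderr of both openssl stages is
# dropped so a failed handshake surfaces as the UNKNOWN status line below
# rather than as stray error text.
expiration_date=$(echo \
  | openssl s_client -servername "$hostname" -connect "$hostname:$port" 2>/dev/null \
  | openssl x509 -noout -enddate 2>/dev/null \
  | cut -d "=" -f 2)

if [[ -z "$expiration_date" ]]; then
  echo "UNKNOWN - Failed to retrieve SSL certificate expiration date for $url"
  exit 3
fi

# date -d is the GNU date syntax. If the conversion fails, stop with UNKNOWN:
# an empty timestamp would otherwise fall through the comparisons below and be
# reported as a WARNING with a meaningless day count.
if ! expiration_timestamp=$(date -d "$expiration_date" +%s 2>/dev/null) \
  || [[ ! "$expiration_timestamp" =~ ^-?[0-9]+$ ]]; then
  echo "UNKNOWN - Failed to parse SSL certificate expiration date '$expiration_date' for $url"
  exit 3
fi
current_timestamp=$(date +%s)

# Already past notAfter: CRITICAL.
if (( expiration_timestamp < current_timestamp )); then
  echo "CRITICAL - SSL certificate for $url has expired on $(date -d "@$expiration_timestamp")"
  exit 2
fi

# Whole days left, rounded down.
days_remaining=$(( (expiration_timestamp - current_timestamp) / (60 * 60 * 24) ))

# Fewer than 30 days left is a WARNING; the threshold is fixed in this script.
if (( days_remaining < 30 )); then
  echo "WARNING - SSL certificate for $url is expiring on $(date -d "@$expiration_timestamp") ($days_remaining days remaining)"
  exit 1
else
  echo "OK - SSL certificate for $url is valid"
  exit 0
fi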