add check_https_valid, adjust executable
parent
dafd6236bc
commit
28909ae35f
|
@ -0,0 +1,91 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
while getopts ":u:" opt; do
|
||||||
|
case $opt in
|
||||||
|
u)
|
||||||
|
url="$OPTARG"
|
||||||
|
;;
|
||||||
|
\?)
|
||||||
|
echo "Invalid option: -$OPTARG" >&2
|
||||||
|
exit 3
|
||||||
|
;;
|
||||||
|
:)
|
||||||
|
echo "Option -$OPTARG requires an argument." >&2
|
||||||
|
exit 3
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
||||||
|
if [ -z "$url" ]; then
|
||||||
|
echo "UNKNOWN - URL not specified. Use the -u option to provide a URL."
|
||||||
|
exit 3
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check if the URL starts with "https://"
|
||||||
|
if [[ "$url" != "https://"* ]]; then
|
||||||
|
echo "UNKNOWN - Invalid URL. The URL must start with 'https://'."
|
||||||
|
exit 3
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Extract the hostname and port from the URL
|
||||||
|
hostname=$(echo "$url" | awk -F[/:] '{print $4}')
|
||||||
|
port=$(echo "$url" | awk -F[/:] '{print $5}')
|
||||||
|
|
||||||
|
if [ -z "$port" ]; then
|
||||||
|
port=443
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check SSL certificate validity
|
||||||
|
ssl_output=$(curl -sSI --stderr - "$url" 2>&1)
|
||||||
|
curl_exit_code=$?
|
||||||
|
|
||||||
|
if [ $curl_exit_code -ne 0 ]; then
|
||||||
|
case $curl_exit_code in
|
||||||
|
6)
|
||||||
|
MSG="Could not resolve host for $url"
|
||||||
|
;;
|
||||||
|
7)
|
||||||
|
MSG="Failed to connect to $url"
|
||||||
|
;;
|
||||||
|
35)
|
||||||
|
MSG="SSL connect error for $url"
|
||||||
|
;;
|
||||||
|
51)
|
||||||
|
MSG="SSL certificate verification failed for $url"
|
||||||
|
;;
|
||||||
|
60)
|
||||||
|
MSG="SSL certificate cannot be authenticated with known CA certificates for $url"
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
MSG="curl request failed with exit code $curl_exit_code for $url"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
echo "CRITICAL - $MSG"
|
||||||
|
exit 2
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check SSL certificate expiration date
|
||||||
|
expiration_date=$(echo | openssl s_client -servername "$hostname" -connect "$hostname:$port" 2>/dev/null | openssl x509 -noout -enddate | cut -d "=" -f 2)
|
||||||
|
|
||||||
|
if [ -z "$expiration_date" ]; then
|
||||||
|
echo "UNKNOWN - Failed to retrieve SSL certificate expiration date for $url"
|
||||||
|
exit 3
|
||||||
|
fi
|
||||||
|
|
||||||
|
expiration_timestamp=$(date -d "$expiration_date" +%s)
|
||||||
|
current_timestamp=$(date +%s)
|
||||||
|
|
||||||
|
if [ $expiration_timestamp -lt $current_timestamp ]; then
|
||||||
|
echo "CRITICAL - SSL certificate for $url has expired on $(date -d @$expiration_timestamp)"
|
||||||
|
exit 2
|
||||||
|
fi
|
||||||
|
|
||||||
|
days_remaining=$((($expiration_timestamp - $current_timestamp) / (60*60*24)))
|
||||||
|
|
||||||
|
if [ $days_remaining -lt 30 ]; then
|
||||||
|
echo "WARNING - SSL certificate for $url is expiring on $(date -d @$expiration_timestamp) ($days_remaining days remaining)"
|
||||||
|
exit 1
|
||||||
|
else
|
||||||
|
echo "OK - SSL certificate for $url is valid"
|
||||||
|
exit 0
|
||||||
|
fi
|
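Review bot: The port extraction `awk -F[/:] '{print $5}'` returns the first path segment when the URL has a path but no explicit port, so `https://host/health` yields `port=health`. The `openssl s_client -connect` call then fails with its stderr discarded, and the plugin reports UNKNOWN for an endpoint that curl has just verified. Parsing the authority with parameter expansion avoids this and keeps the expiry check on the same host and port that curl validated; the existing `if [ -z "$port" ]` default still applies afterwards. Userinfo (`user@host`) and bracketed IPv6 literals would still need separate handling, and a numeric check such as `[[ "$port" =~ ^[0-9]+$ ]]` before connecting would make a bad value fail loudly.

```shell
# Extract the hostname and port from the URL
authority=${url#https://}
authority=${authority%%[/?#]*}   # drop path, query and fragment
hostname=${authority%%:*}
port=${authority#"$hostname"}
port=${port#:}
# … unchanged: default port 443, curl verification, expiry check …
```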