Nagios – Monitoring digital certificates

Hello everyone! I wanted to share this document for those who need to monitor digital certificates: we will be able to check their validity and prevent any outage. As we all know, these are critical points in our organization, since if a certificate were to expire, the service offered by that product would go down, no matter how much we have invested in highly available data centers, clusters…

 

I leave you this link where we can download the script that will allow us to control this. Thanks to 'check_ssl_cert' we will be able to monitor the expiration and validity of a certificate from Nagios, Centreon…: https://exchange.nagios.org/directory/Plugins/Network-Protocols/HTTP/check_ssl_cert/details

 

We download the script and leave it, as usual, in /usr/lib/nagios/plugins/. We make it executable as always with 'chmod +x check_ssl_cert' and try to execute it. The command is very simple: we must indicate the IP address or FQDN against which the check will be made, in addition to the port, which will almost always be 443, and we pass as Warning and Critical parameters the number of days of advance notice we want. In the example, when there are fewer than 30 days left before the certificate expires it notifies us with a Warning, and when there are fewer than 7 days it becomes Critical.
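To make the Warning/Critical thresholds described above concrete, here is an added example (not part of the original post and not check_ssl_cert's own code) that maps a certificate's expiry date to the standard Nagios plugin exit codes. The function names `evaluate` and `check_host` are hypothetical, the sample dates are constructed, and the "fewer than N days" comparison follows the paragraph's wording.

```python
#!/usr/bin/env python3
# Added example: expiry thresholds expressed as a Nagios-style check.
import socket
import ssl
import sys
from datetime import datetime, timezone

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # standard Nagios plugin exit codes


def evaluate(not_after, now, warn_days=30, crit_days=7):
    """Map a certificate notAfter string to (exit_code, status_line)."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    if expires <= now:
        return CRITICAL, f"CRITICAL - certificate expired on {expires:%Y-%m-%d}"
    days_left = (expires - now).days
    if days_left < crit_days:
        return CRITICAL, f"CRITICAL - certificate expires in {days_left} day(s)"
    if days_left < warn_days:
        return WARNING, f"WARNING - certificate expires in {days_left} day(s)"
    return OK, f"OK - certificate valid for {days_left} more day(s)"


def check_host(host, port=443, warn_days=30, crit_days=7, timeout=10):
    """Fetch the live certificate; chain and hostname verification stay on."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                not_after = tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError as exc:
        # An expired or untrusted certificate fails the handshake itself.
        return CRITICAL, f"CRITICAL - certificate rejected: {exc.verify_message}"
    except OSError as exc:
        return UNKNOWN, f"UNKNOWN - cannot check {host}:{port}: {exc}"
    return evaluate(not_after, datetime.now(timezone.utc), warn_days, crit_days)


if __name__ == "__main__":
    if len(sys.argv) > 1:  # usage: cert_days.py HOST [PORT [WARN [CRIT]]]
        args = (sys.argv[1:] + ["443", "30", "7"][len(sys.argv) - 2:])[:4]
        code, line = check_host(args[0], *map(int, args[1:]))
        print(line)
        sys.exit(code)
    # Constructed sample: one notAfter value seen from four different dates.
    for month, day in ((5, 1), (6, 1), (6, 15), (6, 22)):
        fake_now = datetime(2030, month, day, 12, 0, tzinfo=timezone.utc)
        print(fake_now.date(), evaluate("Jun 21 12:00:00 2030 GMT", fake_now)[1])
```

The `-A` option of check_ssl_cert, which appears in the command line used further down this page, ignores authority warnings and checks expiration only; this sketch keeps chain and hostname verification enabled, so an untrusted certificate is reported as CRITICAL.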

 

 

As usual, first we must register the Command from "Configuration" > "Commands" > "Add…" or by duplicating an existing one, and modify at least the following data:

  • Command Name: Specify the name of the command. As I usually tell you, I usually use the name of the script to locate it as quickly as possible if necessary, in this case 'check_ssl_cert'.
  • Command Type: We mark 'Check'.
  • Command Line: We enter what this command will execute, in the example that concerns us: '/usr/lib/nagios/plugins/check_ssl_cert -H $ARG1$ -A -p $ARG2$ -w $ARG3$ -c $ARG4$'
  • Argument Description: Click on 'Describe arguments' and define each ARGx variable with the label we want to see later when creating the services. As we can see, I indicate as the first argument the IP address or hostname that will be queried, and the second argument is the TCP port where the query will be made. Arguments 3 and 4 are, as we said before, the Warning and Critical thresholds in days.

We save with "Save".

 

 

Once we have the Command created in Centreon, we can create as many services as we are interested in controlling, one for each certificate we want to monitor. We create the Service from "Configuration" > "Services" > "Add" or by cloning an existing one, and set at least the following parameters:

  • Description: It will be the name of the service as we will see it in the monitoring.
  • Linked with Hosts: We associate it with a Host, usually the server that has the certificate, to keep things organized.
  • Template: We indicate the parent template from which it will inherit certain settings, if we set them on that template; as always, the usual thing is to modify notifications, periods, contacts, etc. there. Usually it will be 'generic-active-service-custom'.
  • Check Command: Select the command we just created in the previous step, 'check_ssl_cert'.
  • Args: When you select this command, you will get the arguments it asks for, right? Remember that we indicated that you will have to enter the IP or FQDN, port, Warning days and Critical days.

 

We save with "Save".

 

Remember to export the data and reload the settings so that Centreon can read the new changes we just made. As a reminder, we go to "Configuration" > "Pollers" > "Export configuration", select our poller, tick the checkboxes, choose restart and click "Export".

Once everything is generated, we can now go to the "Monitoring" part and check it! If we want to force the check, as we already know, we select the services that interest us and in the combo box select 'Services – Schedule immediate check (Forced)'.

And we will see how easy it is to have all the certificates in our organization controlled and monitored! We can now forget about putting appointments on the calendar to remind us to renew the certificates; Nagios or Centreon will do it and let us know! I hope you enjoy it!

 

Author

nheobug@bujarra.com
Author of the blog Bujarra.com. Whatever you need, do not hesitate to contact me, I will try to help you whenever I can. Sharing is living ;) . Enjoy the documents!!!