add doc page for check_ssl_certs

38b34a37 · Hahn Axel (hahn) · 2e385463 · 38b34a37 · 38b34a37
Commit 38b34a37 authored 1 year ago by Hahn Axel (hahn)
--- a/docs/20_Checks/_index.md
+++ b/docs/20_Checks/_index.md
@@ -54,7 +54,7 @@ There is one include script used by all checks:
 * check_snmp_switch
 * [check_snmp_synology](check_snmp_synology.md)
 * check_ssl
-* check_ssl_certs
+* [check_ssl_certs](check_ssl_certs.md)
 * check_systemdservices
 * [check_systemdunit](check_systemdunit.md)
 * check_timesync

--- a/docs/20_Checks/check_ssl_certs.md
+++ b/docs/20_Checks/check_ssl_certs.md
+# check SNMP data
+
+## Introduction
+
+**check_ssl_certs** is a plugin to check local certificats.
+
+It loops over 1 or multiple certificate files and reads the expiration date from is.
+This functionality requires the openssl binary in $PATH.
+
+It sends performace data with count of days left.
+
+## Syntax
+
+Start the script with `-h` to get the help.
+
+```txt
+______________________________________________________________________
+
+CHECK_SSL_CERTS
+v1.4
+
+(c) Institute for Medical Education - University of Bern
+Licence: GNU GPL 3
+
+https://os-docs.iml.unibe.ch/icinga-checks/Checks/check_ssl_certs.html
+______________________________________________________________________
+
+Check locally installed SSL client certificates and warn if the 
+expiration date comes closer. 
+
+SYNTAX:
+check_ssl_certs [-w WARN_LIMIT] [-c CRITICAL_LIMIT] [-f "FILELIST"]
+
+OPTIONS:
+
+    -f FILELIST    file filter to find certificates using globbing 
+                   (default: /etc/ssl/certs/*.cert.cer)
+                   To use multiple sources seperate them with a space char.
+                   Quote your parameter value if you use multiple sources or * char.
+    -w VALUE       warning level in days before expiration (default: 14)
+    -c VALUE       critical level in days before expiration (default: 5)
+
+    -h or --help   show this help.
+
+PARAMETERS:
+
+    None.
+
+EXAMPLE:
+
+    check_ssl_certs -f "/etc/ssl/certs/*example.com.*.cer /somewhere/else/*.cer"
+        Set 2 folders where to find the client certificates.
+        They are seperated by space and both use * for globbing
+
+    check_ssl_certs -w 30 -c 3 
+        Overide the warning and critical level.
+
+```
+
+## Examples
+
+### Get values
+
+`./check_ssl_certs`
+
+Checks files that match the default filter `/etc/ssl/certs/*.cert.cer`.
+
+```txt
+OK: SSL certs :: OK www.example.com [34d] ; 
+
+----- [1 of 1] www.example.com - expires in 34 days
+Issuer: C=US, O=Let's Encrypt, CN=R3
+Not Before: Feb 28 23:25:10 2024 GMT
+Not After : May 28 23:25:09 2024 GMT
+Subject: CN=www.example.com
+DNS:www.example.com
+File: /etc/ssl/certs/www.example.com.cert.cer
+
+INFO: warning starts 14 d before expiration, raising to critical 5 days before
+
+ |ssl-wwwexamplecom=34;;;0
+```