diff --git a/check_ssl_certs b/check_ssl_certs
index b4d52b84790ba31f9946f85b80667f4249c22030..9604ceb8713bf56afbaaceb343d96bbdc1f6a3a1 100755
--- a/check_ssl_certs
+++ b/check_ssl_certs
@@ -13,9 +13,11 @@
 # 2021-10-06  v0.1  <axel.hahn@iml.unibe.ch>  initial version
 # 2022-03-16  v0.2  <axel.hahn@iml.unibe.ch>  shell fixes; shorten perfdata label
 # 2022-10-21  v1.3  <axel.hahn@unibe.ch>      remove grep: warning: stray \ before white space
+# 2024-04-24  v1.4  <axel.hahn@unibe.ch>      update for newer openssl version; update help
 # ======================================================================
 
 . $(dirname $0)/inc_pluginfunctions
+self_APPVERSION=1.4
 
 typeset -i iWarn=14
 typeset -i iCrit=5
@@ -36,15 +38,11 @@ myDomain=".iml.unibe.ch"
 # functions
 # ----------------------------------------------------------------------
 
+# show help text
 function showHelp(){
+    local _self; _self=$(basename $0)
 cat <<EOF
-______________________________________________________________________
-
-CHECK_SSL_CERTS
-
-(c) Institute for Medical Education - University of Bern
-Licence: GNU GPL 3
-______________________________________________________________________
+$( ph.showImlHelpHeader )
 
 Check locally installed SSL client certificates and warn if the 
 expiration date comes closer. 
@@ -118,7 +116,7 @@ for mycert in $( ls -1 $filelist 2>/dev/null )
 do
         iCounter=$iCounter+1
         data=$(openssl x509 -noout -text -in $mycert 2>/dev/null )
-        mySubject=$( echo "$data" | grep "Subject: CN = " | grep -v "," | cut -f 2- -d "=" | cut -c 2- )
+        mySubject=$( echo "$data" | grep "Subject: CN *= *" | grep -v "," | cut -f 2- -d "=" | tr -d ' ' )
         
         mySubject2="${mySubject//${myDomain}}"
         if [ -z "$mySubject" ]; then
@@ -149,7 +147,7 @@ do
             fi
             shortstatus="${shortstatus}${result} ${mySubject} [${iLeft}d] ; "
             fullstatus="${fullstatus}
------ [$iCounter of $iTotal] ${mySubject} - expires in $iLeft days $mySubject2
+----- [$iCounter of $iTotal] ${mySubject} - expires in $iLeft days
 $( echo "$data" | grep -E "(DNS:|Issuer:|Not |Subject:)" | sed 's#^ *##g')
 File: $mycert
 "
diff --git a/docs/20_Checks/_index.md b/docs/20_Checks/_index.md
index 0a3a4212f3fa868b74259b39e1ab3f1a0e02de59..d9b92dac57b587e8cfd744501b22e40def1cec70 100644
--- a/docs/20_Checks/_index.md
+++ b/docs/20_Checks/_index.md
@@ -54,7 +54,7 @@ There is one include script used by all checks:
 * check_snmp_switch
 * [check_snmp_synology](check_snmp_synology.md)
 * check_ssl
-* check_ssl_certs
+* [check_ssl_certs](check_ssl_certs.md)
 * check_systemdservices
 * [check_systemdunit](check_systemdunit.md)
 * check_timesync
diff --git a/docs/20_Checks/check_ssl_certs.md b/docs/20_Checks/check_ssl_certs.md
new file mode 100644
index 0000000000000000000000000000000000000000..a9dc336ba1b2df393efbf4d529f7cc5a5c5e35a5
--- /dev/null
+++ b/docs/20_Checks/check_ssl_certs.md
@@ -0,0 +1,82 @@
+# check SNMP data
+
+## Introduction
+
+**check_ssl_certs** is a plugin to check local certificats.
+
+It loops over 1 or multiple certificate files and reads the expiration date from is.
+This functionality requires the openssl binary in $PATH.
+
+It sends performace data with count of days left.
+
+## Syntax
+
+Start the script with `-h` to get the help.
+
+```txt
+______________________________________________________________________
+
+CHECK_SSL_CERTS
+v1.4
+
+(c) Institute for Medical Education - University of Bern
+Licence: GNU GPL 3
+
+https://os-docs.iml.unibe.ch/icinga-checks/Checks/check_ssl_certs.html
+______________________________________________________________________
+
+Check locally installed SSL client certificates and warn if the 
+expiration date comes closer. 
+
+SYNTAX:
+check_ssl_certs [-w WARN_LIMIT] [-c CRITICAL_LIMIT] [-f "FILELIST"]
+
+OPTIONS:
+
+    -f FILELIST    file filter to find certificates using globbing 
+                   (default: /etc/ssl/certs/*.cert.cer)
+                   To use multiple sources seperate them with a space char.
+                   Quote your parameter value if you use multiple sources or * char.
+    -w VALUE       warning level in days before expiration (default: 14)
+    -c VALUE       critical level in days before expiration (default: 5)
+
+    -h or --help   show this help.
+
+PARAMETERS:
+
+    None.
+
+EXAMPLE:
+
+    check_ssl_certs -f "/etc/ssl/certs/*example.com.*.cer /somewhere/else/*.cer"
+        Set 2 folders where to find the client certificates.
+        They are seperated by space and both use * for globbing
+
+    check_ssl_certs -w 30 -c 3 
+        Overide the warning and critical level.
+
+```
+
+## Examples
+
+### Get values
+
+`./check_ssl_certs`
+
+Checks files that match the default filter `/etc/ssl/certs/*.cert.cer`.
+
+```txt
+OK: SSL certs :: OK www.example.com [34d] ; 
+
+----- [1 of 1] www.example.com - expires in 34 days
+Issuer: C=US, O=Let's Encrypt, CN=R3
+Not Before: Feb 28 23:25:10 2024 GMT
+Not After : May 28 23:25:09 2024 GMT
+Subject: CN=www.example.com
+DNS:www.example.com
+File: /etc/ssl/certs/www.example.com.cert.cer
+
+INFO: warning starts 14 d before expiration, raising to critical 5 days before
+
+ |ssl-wwwexamplecom=34;;;0
+```