git.lirion.de

Of git, get, and gud

summaryrefslogtreecommitdiffstats
path: root/nagios-plugins-contrib-24.20190301~bpo9+1/check_ssl_cert/check_ssl_cert-1.83.0/check_ssl_cert.1
diff options
context:
space:
mode:
Diffstat (limited to 'nagios-plugins-contrib-24.20190301~bpo9+1/check_ssl_cert/check_ssl_cert-1.83.0/check_ssl_cert.1')
-rw-r--r--nagios-plugins-contrib-24.20190301~bpo9+1/check_ssl_cert/check_ssl_cert-1.83.0/check_ssl_cert.1222
1 files changed, 222 insertions, 0 deletions
diff --git a/nagios-plugins-contrib-24.20190301~bpo9+1/check_ssl_cert/check_ssl_cert-1.83.0/check_ssl_cert.1 b/nagios-plugins-contrib-24.20190301~bpo9+1/check_ssl_cert/check_ssl_cert-1.83.0/check_ssl_cert.1
new file mode 100644
index 0000000..0a593be
--- /dev/null
+++ b/nagios-plugins-contrib-24.20190301~bpo9+1/check_ssl_cert/check_ssl_cert-1.83.0/check_ssl_cert.1
@@ -0,0 +1,222 @@
+.\" Process this file with
+.\" groff -man -Tascii foo.1
+.\"
+.TH "check_ssl_cert" 1 "February, 2019" "1.82.0" "USER COMMANDS"
+.SH NAME
+check_ssl_cert \- checks the validity of X.509 certificates
+.SH SYNOPSIS
+.BR "check_ssl_cert " "-H host [OPTIONS]"
+.SH DESCRIPTION
+.B check_ssl_cert
+A Nagios plugin to check an X.509 certificate:
+ - checks if the server is running and delivers a valid certificate
+ - checks if the CA matches a given pattern
+ - checks the validity
+.SH ARGUMENTS
+.TP
+.BR "-H,--host" " host"
+server
+.SH OPTIONS
+.TP
+.BR "-A,--noauth"
+ignore authority warnings (expiration only)
+.TP
+.BR " --altnames"
+matches the pattern specified in -n with alternate names too
+.TP
+.BR "-C,--clientcert" " path"
+use client certificate to authenticate
+.TP
+.BR " --clientpass" " phrase"
+set passphrase for client certificate.
+.TP
+.BR "-c,--critical" " days"
+minimum number of days a certificate has to be valid to issue a critical status
+.TP
+.BR " --curl-bin" " path"
+path of the curl binary to be used"
+.TP
+.BR "-d,--debug"
+produces debugging output
+.TP
+.BR " --ecdsa"
+cipher selection: force ECDSA authentication
+.TP
+.BR "-e,--email" " address"
+pattern to match the email address contained in the certificate
+.TP
+.BR "-f,--file" " file"
+local file path (works with -H localhost only) with -f you can not only pass a x509 certificate file but also a certificate revocation list (CRL) to check the validity period
+.TP
+.BR " --file-bin" " path"
+path of the file binary to be used
+.TP
+.BR " --fingerprint" " SHA1"
+pattern to match the SHA1-Fingerprint
+.TP
+.BR " --force-perl-date"
+force the usage of Perl for date computations
+.TP
+.BR " --format" " FORMAT"
+custom output format (e.g. "%SHORTNAME% OK %CN% from '%CA_ISSUER_MATCHED%'")
+.TP
+.BR "-h,--help,-?"
+this help message
+.TP
+.BR " --ignore-exp"
+ignore expiration date
+.TP
+.BR " --ignore-ocsp"
+do not check revocation with OCSP
+.TP
+.BR " --ignore-sig-alg"
+do not check if the certificate was signed with SHA1 or MD5
+.TP
+.BR " --ignore-ssl-labs-cache"
+Forces a new check by SSL Labs (see -L)
+.TP
+.BR " --issuer-cert-cache" " dir"
+directory where to store issuer certificates cache
+.TP
+.BR "-i,--issuer" " issuer"
+pattern to match the issuer of the certificate
+.TP
+.BR "-K,--clientkey" " path"
+use client certificate key to authenticate
+.TP
+.BR "-L,--check-ssl-labs grade"
+SSL Labs assestment (please check https://www.ssllabs.com/about/terms.html)
+.TP
+.BR " --check-ssl-warn-labs grade"
+SSL Labs grade on which to warn
+.TP
+.BR " --long-output" " list"
+append the specified comma separated (no spaces) list of attributes to the plugin output on additional lines.
+Valid attributes are: enddate, startdate, subject, issuer, modulus, serial, hash, email, ocsp_uri and fingerprint. 'all' will include all the available attributes.
+.TP
+.BR "-n,--cn" " name"
+pattern to match the CN of the certificate (can be specified multiple times)
+.TP
+.BR " --no_ssl2"
+disable SSL version 2
+.TP
+.BR " --no_ssl3"
+disable SSL version 3
+.TP
+.BR " --no_tls1"
+disable TLS version 1
+.TP
+.BR " --no_tls1_1"
+disable TLS version 1.1
+.TP
+.BR " --no_tls1_2"
+disable TLS version 1.2
+.TP
+.BR "-N,--host-cn"
+match CN with the host name
+.TP
+.BR "-o,--org" " org"
+pattern to match the organization of the certificate
+.TP
+.BR " --openssl" " path"
+path of the openssl binary to be used
+.TP
+.BR "-p,--port" " port"
+TCP port
+.TP
+.BR "-P,--protocol" " protocol"
+use the specific protocol: http (default), irc or smtp,pop3,imap,ftp,ldap (switch to TLS)
+.TP
+.BR "-s,--selfsigned"
+allows self-signed certificates
+.TP
+.BR " --serial serialnum"
+pattern to match the serial number
+.TP
+.BR " --sni name"
+sets the TLS SNI (Server Name Indication) extension in the ClientHello message to 'name'
+.TP
+.BR " --ssl2"
+force SSL version 2
+.TP
+.BR " --ssl3"
+force SSL version 3
+.TP
+.BR " --require-ocsp-stapling"
+require OCSP stapling
+.TP
+.BR " --require-san"
+require the presence of a Subject Alternative Name extension
+.TP
+.BR "-r,--rootcert" " cert"
+root certificate or directory to be used for certificate validation (passed to openssl's -CAfile or -CApath)
+.TP
+.BR " --rootcert-dir" " dir"
+root directory to be used for certificate validation (passed to openssl's -CApath)
+overrides option -r,--rootcert
+.TP
+.BR " --rootcert-file" " cert"
+root certificate to be used for certificate validation (passed to openssl's -CAfile)
+overrides option -r,--rootcert
+.TP
+.BR " --rsa"
+cipher selection: force RSA authentication
+.TP
+.BR " --temp" " dir"
+directory where to store the temporary files
+.TP
+.BR " --terse"
+terse output (also see --verbose)
+.TP
+.BR "-t,--timeout"
+seconds timeout after the specified time (defaults to 15 seconds)
+.TP
+.BR " --tls1"
+force TLS version 1
+.TP
+.BR " --tls1_1"
+force TLS version 1.1
+.TP
+.BR " --tls1_2"
+force TLS version 1.2
+.TP
+.BR " --tls1_3"
+force TLS version 1.3
+.TP
+.BR "-v,--verbose"
+verbose output (also see --terse)
+.TP
+.BR "-V,--version"
+version
+.TP
+.BR "-w,--warning" " days"
+minimum number of days a certificate has to be valid to issue a warning status
+.TP
+.BR " --xmpphost" " name"
+specifies the host for the "to" attribute of the stream element
+.SH DEPRECATED OPTIONS
+.TP
+.BR "-d,--days" " days"
+minimum number of days a certificate has to be valid (see --critical and --warning)
+.TP
+.BR " --ocsp"
+check revocation via OCSP
+.TP
+.BR "-S,--ssl" " version"
+force SSL version (2,3) (see: --ssl2 or --ssl3)
+
+.SH MULTIPLE CERTIFICATES
+If the host has multiple certificates and the installed openssl version supports the -servername option it is possible to specify the TLS SNI (Server Name Idetificator) with the -N (or --host-cn) option.
+
+.SH "SEE ALSO"
+x509(1), openssl(1), expect(1), timeout(1)
+.SH "EXIT STATUS"
+check_ssl_cert returns a zero exist status if it finds no errors, 1 for warnings, 2 for a critical errors and 3 for unknown problems
+.SH BUGS
+Please report bugs to:
+
+https://github.com/matteocorti/check_ssl_cert/issues
+.SH AUTHOR
+Matteo Corti (matteo (at) corti.li )
+See the AUTHORS file for the complete list of contributors
+
© 2014-2019 lirion.de – served by cgit – All Rights Reverse Engineered