check_ssl_cert w/ PKI / X.509 Chain Validation

Brian A. Seklecki lavalamp at spiritual-machines.org
Wed Apr 11 16:45:37 CEST 2007


These scripts are great; thank you very much to all involved who 
contributed (no e-mail address for 'mastrboy'). I'm considering 
spending some time adding additional functionality:

--

In addition to simply parsing the date and comparing the date/time, I'd 
like to test the validity of the X.509 Cert against its PKI 
infrastructure using the OpenSSL routines.

I'm pretty sure that this can be accomplished by checking the result code 
of openssl 's_client' or 'verify'; both permit -CApath and -CAfile.

For internal PKI, this is pretty straightforward; just specify your 
organization's Root CA Cert.

For public cert verification, it gets tricky because you have to take a 
certificate store like the Mozilla NSS/NSPR default and convert it into 
OpenSSL c_rehash format -- taking ideas on that here.

http://lxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt

Thoughts?

l8*
 	-lava (Brian A. Seklecki - Pittsburgh, PA, USA)
 	       http://www.spiritual-machines.org/
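
The chain check proposed in the message above, sketched as an added example (not part of the original post and not code from check_ssl_cert). The function names and the sample output are constructed for illustration; the check parses the "Verify return code" line because s_client exits 0 even when chain verification fails.

```shell
#!/bin/sh
# Added example: map openssl s_client chain verification to Nagios states.
# Nagios exit codes: 0 OK, 2 CRITICAL, 3 UNKNOWN.

# Constructed s_client output fragments (not captured from a real server).
SAMPLE_OK='SSL-Session:
    Verify return code: 0 (ok)'
SAMPLE_BAD='SSL-Session:
    Verify return code: 20 (unable to get local issuer certificate)'

# Print the numeric code of the first "Verify return code" line on stdin.
verify_code() {
    sed -n 's/^ *Verify return code: \([0-9][0-9]*\) .*/\1/p' | head -n 1
}

# Read s_client output on stdin, print a status line, return a Nagios code.
chain_status() {
    out=$(cat)
    code=$(printf '%s\n' "$out" | verify_code)
    if [ -z "$code" ]; then
        # No verify line at all: connection or handshake never completed.
        echo "UNKNOWN - no verify result (connection or handshake failed)"
        return 3
    fi
    if [ "$code" -eq 0 ]; then
        echo "OK - certificate chain verified"
        return 0
    fi
    reason=$(printf '%s\n' "$out" |
        sed -n 's/^ *Verify return code: [0-9]* (\(.*\)).*$/\1/p' | head -n 1)
    echo "CRITICAL - chain verification failed: $code ($reason)"
    return 2
}

# Live check: $1 = host, $2 = port, $3 = CA bundle in PEM format
# (for an internal PKI, the organization's root CA certificate).
# Swap -CAfile for -CApath to use a c_rehash-style hashed directory.
check_host() {
    openssl s_client -connect "$1:$2" -servername "$1" -CAfile "$3" \
        </dev/null 2>/dev/null | chain_status
}
```

Call it as `check_host www.example.org 443 /path/to/root-ca.pem` (hostname and path are placeholders); the function's return status is the Nagios state.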
