Uploaded image for project: 'ZABBIX FEATURE REQUESTS'
  1. ZABBIX FEATURE REQUESTS
  2. ZBXNEXT-7465

Support STARTTLS for agent2-based certificate monitoring

    XMLWordPrintable

Details

    • Change Request
    • Status: Confirmed
    • Trivial
    • Resolution: Unresolved
    • 5.4.10, 6.0.0beta3, 6.0.0rc1
    • None
    • Agent2 plugin (N)
    • None
    • any

    Description

      The new web.certificate.get item key supports a lot of options to gather information from certificates, such as SNI etc.

      BUT: it does not support monitoring certificates through a connection that requires STARTLS to initiate the encrypted connection, such as some email servers which listen only on port 25 (or an unencrypted submission port) and require to initiate the certificate handshake from client side with the STARTTLS command.

      Nagios' monitoring_plugins plugin "check_ssl_certificate" offers such an option:

      -a <add> add the text to the openssl line, used for checking the smtp ssl certificate with starttls ("-a '-starttls smtp'")

      This way, you can monitor the certificate from a STARTTLS enabled SMTP-server like this, for example:

      /opt/plugins/custom/check_ssl_certificate -H 1.2.3.4 -p 25 -a "-starttls smtp" -v -w 90 -c 30 Result code: WARNING check_ssl_certificates: WARNING - only 76 day(s) left for *.my-company.com[1.2.3.4].

      Would be very useful to have this functionality also in Zabbix.

      Attachments

        Activity

          People

            zabbix.dev Zabbix Development Team
            christiananton Christian Anton
            Votes:
            1 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated: