monitors:sslname.sh [2015/11/10 03:57] – [SSL certificate name match monitor] jccleaver | monitors:sslname.sh [2015/11/10 04:53] – [sslname.sh] jccleaver |
---|
Originating thread here: http://www.xymon.com/archive/2010/06/msg00148.html | Originating thread here: http://www.xymon.com/archive/2010/06/msg00148.html |
| |
A small script that checks "sslcert" tests and tries to verify that the common name ("CN=") in the resulting ssl certificate matches the URL that we tried to reach (eg, https://secure.example.com/) It reports the status under a new test name, "sslname". Wildcard certificates are taken into account, since we're matching using extended grep. | A small script that checks "sslcert" tests and tries to verify that the common name ("CN=") in the resulting ssl certificate matches the URL that we tried to reach (eg, https://secure.example.com/) It reports the status under a new test name, "sslname", or can optionally send a 'modify' message to alter the original "sslcert" test. Wildcard certificates are taken into account, since we're matching using extended grep. |
| |
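Review bot: The sentence added to the description says the script "can optionally send a 'modify' message" but never says how that mode is selected; name the variable or option that enables it, and state whether the separate "sslname" column is still reported when it is on. The unchanged claim that wildcards are covered "since we're matching using extended grep" also needs a caveat: if the CN is used as the grep -E pattern, `.` matches any character and `*` is a quantifier rather than a single-label wildcard, so the match is looser than TLS hostname matching.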
===== Installation ===== | ===== Installation ===== |
CMD /etc/xymon/ext/sslname.sh | CMD /etc/xymon/ext/sslname.sh |
LOGFILE /var/log/xymon/sslname.log | LOGFILE /var/log/xymon/sslname.log |
| INTERVAL 5m |
</code> | </code> |
| |
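Review bot: The added `INTERVAL 5m` line in the task definition has no explanation of why five minutes was chosen. Because the script works from existing "sslcert" test results, the Installation text should say that the interval is meant to track how often those results are refreshed, since running the script more often than that yields no new information.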
# TODO: We should loop over all common names and try to figure out what the relevant URLs are below | # TODO: We should loop over all common names and try to figure out what the relevant URLs are below |
# For now, we sort and take the first one. | # For now, we sort and take the first one. |
COMMONNAME="`echo \"$SSLDATA\" | grep CN= | perl -pe 's/^.*CN=([\w\.\-\*]+).*$/\1/' | sort | uniq | head -n 1`" | COMMONNAME="`echo \"$SSLDATA\" | grep -v issuer: | grep CN= | perl -pe 's/^.*CN=([\w\.\-\*]+).*$/\1/' | sort | uniq | head -n 1`" |
if [ -z "$COMMONNAME" ] ; then | if [ -z "$COMMONNAME" ] ; then |
echo "Couldn't find a 'common name' for $THISHOST..." >&2 | echo "Couldn't find a 'common name' for $THISHOST..." >&2 |
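Review bot: `grep -v issuer:` on the COMMONNAME line is an unanchored substring filter, so any line containing "issuer:" anywhere is dropped, including one that also carries the subject CN; selecting the subject line positively, or anchoring the exclusion to the start of the line, would be more robust. The pipeline still keeps only the alphabetically first CN (`sort | uniq | head -n 1`), as the TODO says, and it looks only at `CN=`, so names that appear solely in subjectAltName are never compared against the URL. In the perl substitution, `\1` in the replacement should be written `$1`.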