
Rephrased question: (Not sure it's really clearer)

I have a small self-written script that monitors multiple servers. In fact, my script just periodically starts tiny scripts and gathers the output. At the moment it starts two per server I want to monitor (one server_is_up script and one server_cert_expires_within_x_days script).

So it obtains the following information:

  • whether an http (nginx) server is up. (try to get favicon.ico via http(s))
  • the expiration date of an http server's cert (establish an SSL connection, receive the cert and parse it)

Now I have some nginx servers with client certificate authentication and the CRL files are stored on the nginx server.

What would be the best way to write a script that tells me whether an nginx server's CRLs are expiring within x days?

Is there an easy way to remotely obtain the CRL's expiration date?

I could of course install a cron job on each server that runs openssl, extracts the expiration date and saves it in a file, and my 'monitoring script' just calls a script to perform an http request to retrieve the file generated by the latter cron job.

What I wanted to know is whether there is any more 'elegant' way of checking the expiration dates of a server's CRLs.

How for example are professional monitoring tools doing this? Is there something built into nginx that makes this task easy?

How do others monitor that their CRLs are updated as they should?

gelonida
  • I'm not sure exactly what you're asking. Do you mean a monitoring solution like Icinga (2)? You can have it run your scripts and alert you. – Halfgaar Jun 15 '20 at 19:36
  • I tried to rephrase my question. I just have a tiny self-written monitoring solution and wondered how to monitor CRL expiration dates in a simple way (simple shell script, simple http accesses or the like). How do professional solutions monitor CRL expiration dates? How would you monitor CRL expiration dates for an nginx server in a simple manner? Hope my question is a little clearer now. – gelonida Jun 15 '20 at 22:12
  • Add something to your existing monitoring system. What something is depends on what you're monitoring with now. – Michael Hampton Jun 15 '20 at 22:31
  • My solution is rather ridiculous. It just starts scripts and captures the exit code or stdout to see whether a check was successful or not. Rephrased my question once more: how would any monitoring solution determine whether an nginx server's CRLs are expiring within x days? In my question I mention one solution that I could implement very quickly. I just wanted to know whether there would be a smarter / simpler solution to the problem. I can start any standalone script and check its exit code or stdout. – gelonida Jun 15 '20 at 22:55
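
The cron-job approach described in the question, written out as an added example (not code from the original post): a standalone check that asks `openssl crl` for the CRL's `nextUpdate` field and reports through exit code and stdout. The function names, the Nagios-style exit codes and the command-line arguments are assumptions made for this sketch.

```python
import subprocess
import sys
from datetime import datetime, timezone

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # Nagios-style exit codes (assumed)

def parse_next_update(openssl_output):
    """Parse the 'nextUpdate=Jun  5 19:36:00 2021 GMT' line printed by openssl."""
    for line in openssl_output.splitlines():
        key, _, value = line.partition("=")
        if key.strip() == "nextUpdate":
            # strptime raises ValueError for "NONE" (CRL without nextUpdate).
            parsed = datetime.strptime(value.strip(), "%b %d %H:%M:%S %Y GMT")
            return parsed.replace(tzinfo=timezone.utc)
    raise ValueError("no nextUpdate line in openssl output")

def check(next_update, now, warn_days):
    """Return (exit_code, message) for a CRL that is valid until next_update."""
    remaining = (next_update - now).total_seconds() / 86400
    if remaining < 0:
        return CRITICAL, f"CRL expired {-remaining:.1f} days ago"
    if remaining < warn_days:
        return WARNING, f"CRL expires in {remaining:.1f} days"
    return OK, f"CRL valid for another {remaining:.1f} days"

def read_next_update(crl_path):
    """Ask openssl for nextUpdate; nginx's ssl_crl file is PEM, openssl's default."""
    # Only the first CRL in the file is read; split bundles before checking.
    result = subprocess.run(
        ["openssl", "crl", "-in", crl_path, "-noout", "-nextupdate"],
        capture_output=True, text=True, check=True)
    return parse_next_update(result.stdout)

def main(argv):
    if len(argv) != 3:
        print(f"usage: {argv[0]} CRL_FILE WARN_DAYS")
        return UNKNOWN
    try:
        code, message = check(read_next_update(argv[1]),
                              datetime.now(timezone.utc), float(argv[2]))
    except (OSError, ValueError, subprocess.CalledProcessError) as exc:
        code, message = UNKNOWN, f"cannot read CRL: {exc}"
    print(message)
    return code

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run on each nginx host with the CRL path and the threshold in days as arguments; the single stdout line and the exit code suit a monitor that inspects either one.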
