4

Aside from receiving plenty of emails well in advance from my PKI telling me one of my certificates is about to expire, how can I set up an alert that checks the health of an SSL?

What I want to check for:

  1. Hasn't expired
  2. Hasn't been revoked
  3. Hasn't been removed from the server accidentally

Currently we use Hostmon internally and SiteUptime externally. The latter can use HTTPS, but it doesn't appear to have the ability to validate certificates.

iamgoat
  • I guess you mean a "SSL *certificate*"? SSL itself is a protocol, there's no such thing as "an SSL". – user1686 Nov 06 '09 at 16:30

2 Answers

5

We use Nagios for this. The check_http program included with it knows how to talk SSL, and can return a "warning" or "critical" status based on how close the certificate is to expiration. From the command's help output:

CHECK CERTIFICATE: check_http -H www.verisign.com -C 14

When the certificate of 'www.verisign.com' is valid for more than 14 days, a STATE_OK is returned. When the certificate is still valid, but for less than 14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when the certificate is expired.

James Sneeringer
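The threshold behaviour quoted above from the check_http help (OK above 14 days, WARNING when valid for less, CRITICAL once expired), as an added Python example that is not part of the original answer or of Nagios. The function names are assumptions, the treatment of exactly 14 days as OK is a choice made here, and revocation is not checked.

```python
import socket
import ssl
import time

OK, WARNING, CRITICAL = 0, 1, 2  # Nagios plugin exit codes


def classify_expiry(not_after, warn_days=14, now=None):
    """Map a certificate's notAfter string to a Nagios state.

    not_after uses the format returned by ssl.getpeercert(),
    e.g. 'Jun  1 12:00:00 2030 GMT'.
    """
    now = time.time() if now is None else now
    remaining = ssl.cert_time_to_seconds(not_after) - now
    days = int(remaining // 86400)
    if remaining <= 0:
        return CRITICAL, f"certificate expired on {not_after}"
    if days < warn_days:
        return WARNING, f"certificate expires in {days} day(s) ({not_after})"
    return OK, f"certificate valid for {days} more day(s)"


def check_host(host, port=443, warn_days=14, timeout=10):
    """Fetch the live certificate and classify it.

    The default context verifies the chain and the hostname, so a missing,
    untrusted, mismatched or expired certificate fails the handshake and is
    reported as CRITICAL. Revocation is not checked here.
    """
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except (ssl.SSLError, OSError) as exc:
        return CRITICAL, f"TLS handshake with {host}:{port} failed: {exc}"
    return classify_expiry(cert["notAfter"], warn_days)


if __name__ == "__main__":
    import sys
    state, message = check_host(sys.argv[1])
    print(message)
    sys.exit(state)
```

Run as a script with a hostname argument, the exit code follows the Nagios plugin convention, so it can be wired into any monitor that alerts on non-zero exit status.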
1

Just enter the hostname at http://www.sslshopper.com/ssl-checker.html to see if the certificate is valid, trusted, unexpired, and contains the correct names in the certificate. You just need to visit the site with https in any new web browser to see if it is revoked.

Robert