I am monitoring multiple ocsp server, so i needed to modify the script a little bit so the hardcoded part did not work well for me. I never ran the original script but i believe my changes are backwards compatible.
Error handling logic modified a little big, previously some error conditions were not detected
Added a failback logic, if output is not recognized, exit with status unknown
Argument handling added to script, new arguments are:
-H host_name # remote host to check
-P port # port to use
--noverify # Don't verify is certificate is valid
--max-age 4800 # alert is certificate is about to expire
--cert filename # use this cert file instead of the hardcoded one
--issuer filename.pem # use this issuer certificate instead of the hardcoded one
--verbose # handy for troubleshooting, echos the exact openssl command used
I'm going to update my docs for this check and then merge it, or create a seperate one so that you can have a hard coded one and a non-hard coded one. Thanks :smile:
I am monitoring multiple ocsp server, so i needed to modify the script a little bit so the hardcoded part did not work well for me. I never ran the original script but i believe my changes are backwards compatible.
Argument handling added to script, new arguments are: -H host_name # remote host to check -P port # port to use --noverify # Don't verify is certificate is valid --max-age 4800 # alert is certificate is about to expire --cert filename # use this cert file instead of the hardcoded one --issuer filename.pem # use this issuer certificate instead of the hardcoded one --verbose # handy for troubleshooting, echos the exact openssl command used