search

centreon / centreon-plugins

Collection of standard plugins to discover and gather cloud-to-edge metrics and status across your whole IT infrastructure.
https://www.centreon.com
Apache License 2.0
310 stars 273 forks source link

apps::protocols::x509::plugin UNKNOWN: OK #4361

Closed mqssi closed 1 year ago

mqssi commented 1 year ago

Hi,

When I use : 

/usr/lib/centreon/plugins/centreon-plugins/centreon_plugins.pl --plugin=apps::protocols::x509::plugin --mode=ce
rtificate --custommode=https --hostname=www.google.com --port=443 --warning-status='%{expiration} < 20' --critical-status='%{expiration}
 < 10'

I get (which is fine) : 

OK: Certificate for 'www.google.com' expires in '63' days [2023-06-20T16:54:57Z] - Issuer: '/C=US/O=Google Trust Services LLC/CN=GTS CA 
1C3'

However for another specifc domain : 

/usr/lib/centreon/plugins/centreon-plugins/centreon_plugins.pl --plugin=apps::protocols::x509::plugin --mode=ce
rtificate --custommode=https --hostname=www.XXXXX.fr --port=443 --warning-status='%{expiration} < 20' --critical-status='%{expiration} 
< 10'

I get :

UNKNOWN: OK

The plugin doesn't output the real cert cotentn only for this specific domain.

Using openssl directly works fine :

openssl s_client -servername XXXXXX.fr -connect XXXXX.fr:443 | openssl x509 -noout -dates

Any ideas? Thank you in advance

garnier-quentin commented 1 year ago

Please use the backend curl: --http-backend=curl

mqssi commented 1 year ago

I get this : 

UNKNOWN: CURLINFO_CERTINFO is not supported at /usr/lib/centreon/plugins/centreon-plugins/centreon/plugins/backend/http/curl.pm line 508
.
garnier-quentin commented 1 year ago

It needs a new curl version. I think you should use the custommode=tcp maybe

mqssi commented 1 year ago

Indeed, it works fine this way!

Thank you, have a nice day :)