Closed eirikgrindevoll closed 2 years ago
I've previously just checked this by changing the port number, but presumably this is even better?
I would rather add options (--dtls, --dtls1 and --dtls1_2) similary to the --ssl or --tls options.
Any host that I could use for testing?
I've previously just checked this by changing the port number, but presumably this is even better?
I use this for checking on UDP port 3391 that way you check the actual gateway certificate and not just the web gateway
/usr/lib/nagios/plugins# ./check_ssl_cert -H ** -P dtls -p 3391 SSL_CERT OK - x509 certificate '**' from 'R3' valid until Aug 18 19:17:52 2022 GMT (expires in 86 days)|days=86;;;;
I've previously just checked this by changing the port number, but presumably this is even better?
I use this for checking on UDP port 3391 that way you check the actual gateway certificate and not just the web gateway
Sorry, I've just realised this is different to basic RDP isn't it!
I am working on a solution, but I really cannot test. If someone has a machine with a public IP that I could use for testing would be great (you can send my the IP to matteo@corti.li).
Seems to work with LibreSSL
/usr/bin/openssl s_client -crlf -connect ****:3391 -servername **** -showcerts -verify 6 -dtls1 > /dev/null
but not with OpenSSL 3.*
Implemented in ad96e1c
Usage may be for checking Microsoft Remote Desktop Gateway certificate monitoring
Proposed Changes