Originally posted by **jax7778** October 12, 2022
Hello!
I have been trying to use the check_ssl_cert plugin to check the expiration dates on our MS SQL encryption in Transit certs, but I am not having an luck so far. We are in the process of moving all of our MS SQL environments to encryption in transit and I would love to use Nagios to monitor the certs. We are using an Internal CA cert, and we have verified that the encryption in transit is fully functional,(packets are being encrypted, and clients can connect) but I can't get Nagios to check it.
Here is an example just running from the command line basic arguments. I have included the results with the server FQDN replaced:
```
check_ssl_cert -H fqdn.domain.local -p 1433
SSL_CERT CRITICAL fqdn.domain.local: SSL error: 139726949517200:
error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:Error(s):
SSL_CERT CRITICAL fqdn.domain.local: No certificate returnedSSL_CERT CRITICAL fqdn.domain.local:
SSL error: 139726949517200:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:
```
It was recommended on another forum to try to connect with the openssl s_client, so i attempted that as well, here is the output, again with the FQDN replaced:
```
openssl s_client -connect fqdn.domain.local:1433
CONNECTED(00000003)
140127202801552:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 289 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1664920458
Timeout : 300 (sec)
Verify return code: 0 (ok)
```
Any help is greatly appreciated. Thanks in advance.
Discussed in https://github.com/matteocorti/check_ssl_cert/discussions/417