I am not sure what the intention is with the -N option, but to me, its current implementation doesn't make a lot of sense:
Set COMMON_NAME to hostname if -N was given as argument
if [ "$COMMON_NAME" = "HOST" ] ; then
COMMON_NAME=$(hostname)
fi
This meanse, that the common name to match the certificate against is set to $(hostname), i.e. the name of the host that the check is running on. This means it only works for checking SSL on the local host, because for any other host, the common name will not match.
I suspect that the intention is, to use the given hostname (-H) as the common name to match, in which case COMMON_NAME should be set to ${HOST} instead of $(hostname):
Set COMMON_NAME to hostname if -N was given as argument
if [ "$COMMON_NAME" = "HOST" ] ; then
COMMON_NAME="${HOST}"
fi
Original reporter: m@rtijn.net
I am not sure what the intention is with the -N option, but to me, its current implementation doesn't make a lot of sense:
Set COMMON_NAME to hostname if -N was given as argument
if [ "$COMMON_NAME" = "HOST" ] ; then COMMON_NAME=$(hostname) fi
This meanse, that the common name to match the certificate against is set to $(hostname), i.e. the name of the host that the check is running on. This means it only works for checking SSL on the local host, because for any other host, the common name will not match.
I suspect that the intention is, to use the given hostname (-H) as the common name to match, in which case COMMON_NAME should be set to ${HOST} instead of $(hostname):
Set COMMON_NAME to hostname if -N was given as argument
if [ "$COMMON_NAME" = "HOST" ] ; then COMMON_NAME="${HOST}" fi