Monitoring SSL Certificates Expiration with Nagios XI


Introduction
SSL certificates play a crucial role in securing websites and applications by encrypting communication. Expired SSL certificates can lead to security warnings, service disruptions, and loss of trust from users. Nagios XI provides a reliable way to monitor SSL certificates and ensure they are renewed before expiration. This guide will walk you through setting up SSL certificate expiration monitoring in Nagios XI.
Why Monitor SSL Certificate Expiration?
- Avoid Service Interruptions – Prevent downtime due to expired certificates.
- Enhance Security – Ensure continued encryption and protection.
- Maintain Compliance – Meet security standards and best practices.
- Automate Monitoring – Receive alerts before certificates expire.
Setting Up SSL Certificate Expiration Monitoring
Nagios XI uses plugins to check SSL certificate validity. The check_ssl_certificate plugin can help monitor expiration dates and send alerts.
Step 1: Install the Required Plugin
Nagios XI supports various plugins, and the check_ssl_cert plugin is commonly used.
Installing check_ssl_cert
cd /usr/local/nagios/libexec
wget https://raw.githubusercontent.com/matteocorti/check_ssl_cert/master/check_ssl_cert
chmod +x check_ssl_cert
Step 2: Create a New Command in Nagios XI
- Log in to Nagios XI and navigate to Configure > Core Config Manager.
- Go to Commands and click Add New Command.
- Configure the command as follows:
- Command Name:
check_ssl_certificate
- Command Line:
$USER1$/check_ssl_cert -H $ARG1$ -w $ARG2$ -c $ARG3$
- Description: Monitors SSL certificate expiration.
- Click Save and Apply Configuration.
Step 3: Add a New Service to Monitor SSL Expiration
- Go to Configure > Core Config Manager > Services.
- Click Add New Service.
- Configure the service:
- Host: Select the target website or server.
- Check Command:
check_ssl_certificate
. - Arguments:
$ARG1$
– The domain name (e.g.,example.com
).$ARG2$
– Warning threshold in days (e.g.,30
for 30 days before expiration).$ARG3$
– Critical threshold in days (e.g.,15
for critical alerts within 15 days).
- Check Interval: Set the frequency of checks.
- Click Save and Apply Configuration.
Step 4: Test the SSL Monitoring Setup
After configuration, force a check in Nagios XI:
/usr/local/nagios/libexec/check_ssl_cert -H example.com -w 30 -c 15
If the certificate is valid, the output should indicate the number of days remaining before expiration.
Step 5: Configure Notifications and Alerts
- Go to Configure > Notification Preferences.
- Enable email or SMS notifications.
- Set up escalation rules to alert different teams as the expiration date nears.
Conclusion
Monitoring SSL certificates with Nagios XI ensures your website and applications remain secure and accessible. By setting up automated checks and alerts, you can avoid expired SSL issues and maintain continuous encryption. Regularly review your SSL monitoring setup to ensure effectiveness and compliance with security best practices.
Share:
On this page
Tags
Related Articles
- How to Monitor Ubuntu 20.04 Logs with Nagios Log Server 2024R2
- The Power of Nagios XI Reporting: How to Generate and Share Performance Reports
- Real-World Use Cases for Nagios Log Server 2024R2
- How to Migrate from Nagios Log Server R1 to Nagios Log Server R2
- Installing Nagios Cross-Platform Agent on Arch Linux 2025