Skip to content

Commit

Permalink
check_ssl_cert: integrate new option to set maximum validity (#9881)
Browse files Browse the repository at this point in the history
* check_ssl_cert: integrate new option to set maximum validity

check_ssl_cert has a new option with a new default: --maximum-validity. This change allows for services to use that option to override the default of 397 days. It is needed, if you have internal certificates that have a longer duration.

---------

Co-authored-by: Alexander A. Klimov <[email protected]>
  • Loading branch information
cycloon and Al2Klimov authored May 27, 2024
1 parent b56839f commit 7cc8d81
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 0 deletions.
1 change: 1 addition & 0 deletions doc/10-icinga-template-library.md
Original file line number Diff line number Diff line change
Expand Up @@ -5834,6 +5834,7 @@ ssl_cert_proxy | **Optional.** Proxy server to use for connecting
ssl_cert_file | **Optional.** Local file path. Works only if `ssl_cert_address` is set to "localhost".
ssl_cert_warn | **Optional.** Minimum number of days a certificate has to be valid.
ssl_cert_critical | **Optional.** Minimum number of days a certificate has to be valid to issue a critical status.
ssl_cert_maximum_validity | **Optional.** Maximum number of days a certificate is allowed to be valid (default: 397)
ssl_cert_cn | **Optional.** Pattern to match the CN or AltName of the certificate.
ssl_cert_issuer | **Optional.** Pattern to match the issuer of the certificate.
ssl_cert_org | **Optional.** Pattern to match the organization of the certificate.
Expand Down
4 changes: 4 additions & 0 deletions itl/plugins-contrib.d/web.conf
Original file line number Diff line number Diff line change
Expand Up @@ -578,6 +578,10 @@ object CheckCommand "ssl_cert" {
set_if = "$ssl_cert_ignore_tls_renegotiation$"
description = "Do not check for renegotiation"
}
"--maximum-validity" = {
value = "$ssl_cert_maximum_validity$"
description = "The maximum validity of the certificate in days (default: 397)"
}

}

Expand Down

0 comments on commit 7cc8d81

Please sign in to comment.