Zabbix SSL Certificates monitoring
<?xml version="1.0" encoding="UTF-8"?>
<!--
Zabbix 5.0 template export: "Template SSL Cert Check External".
It defines three items per host:
  1. a simple check that the HTTPS port answers (net.tcp.service[https]),
  2. an external check, zext_ssl_cert.sh with the -d switch, returning days until expiry,
  3. an external check, zext_ssl_cert.sh with the -i switch, returning the issuer name.
NOTE(review): external checks are executed as commands by the Zabbix server (or proxy),
and {HOST.CONN}, {$SSL_PORT} and {$SNI} are handed to the script as arguments. Anyone
allowed to edit the host interface or these macros therefore chooses what the script
connects to, so limit those permissions and keep the script quoting its arguments.
-->
<zabbix_export>
<version>5.0</version>
<date>2021-04-12T08:47:25Z</date>
<groups>
<group>
<name>MyTemplates</name>
</group>
</groups>
<templates>
<template>
<template>Template SSL Cert Check External</template>
<name>Template SSL Cert Check External</name>
<groups>
<group>
<name>MyTemplates</name>
</group>
</groups>
<applications>
<application>
<name>SSL certificate</name>
</application>
</applications>
<items>
<!-- Item 1: TCP reachability of the HTTPS service, polled every 90 (seconds, when no unit suffix is given).
     Values are rendered through the "Service state" value map defined at the end of this file. -->
<item>
<name>HTTPS Service is running</name>
<type>SIMPLE</type>
<key>net.tcp.service[https]</key>
<delay>90</delay>
<history>7d</history>
<valuemap>
<name>Service state</name>
</valuemap>
<triggers>
<!-- Fires when the highest value seen in the last 5 minutes is below 1, i.e. no check in that window returned 1 (Up). -->
<trigger>
<expression>{max(5m)}&lt;1</expression>
<name>HTTPS Service is Down</name>
<priority>WARNING</priority>
</trigger>
</triggers>
</item>
<!-- Item 2: days remaining on the certificate, from zext_ssl_cert.sh called with the -d switch,
     the host connection address, the {$SSL_PORT} macro and the {$SNI} macro.
     Polled every 21600 seconds (6 hours). -->
<item>
<name>{$SNI} SSL certificate validity</name>
<type>EXTERNAL</type>
<key>zext_ssl_cert.sh[-d,{HOST.CONN},{$SSL_PORT},{$SNI}]</key>
<delay>21600</delay>
<history>7d</history>
<value_type>FLOAT</value_type>
<units>days</units>
<applications>
<application>
<name>SSL certificate</name>
</application>
</applications>
<!-- Expiry triggers form a chain of thresholds (below 0, 7, 15, 30, 60 and 90 days).
     Each trigger lists the next tighter threshold as a dependency, which is the usual
     way to have only the most urgent problem shown.
     NOTE(review): every expression uses last(0), so these triggers only react to a value
     the script actually returned. If the script prints nothing (for example when the
     connection fails) no expiry trigger changes state; consider a nodata() trigger or an
     alert on the item becoming unsupported so a silent check is noticed. -->
<triggers>
<trigger>
<expression>{last(0)}&lt;0</expression>
<name>SSL certificate on {HOSTNAME} expired</name>
<priority>DISASTER</priority>
</trigger>
<trigger>
<expression>{last(0)}&lt;7</expression>
<name>SSL certificate on {HOSTNAME} expires in less than 7 days ({ITEM.VALUE} days remaining)</name>
<priority>HIGH</priority>
<dependencies>
<dependency>
<name>SSL certificate on {HOSTNAME} expired</name>
<expression>{Template SSL Cert Check External:zext_ssl_cert.sh[-d,{HOST.CONN},{$SSL_PORT},{$SNI}].last(0)}&lt;0</expression>
</dependency>
</dependencies>
</trigger>
<trigger>
<expression>{last(0)}&lt;15</expression>
<name>SSL certificate on {HOSTNAME} expires in less than 15 days ({ITEM.VALUE} days remaining)</name>
<priority>AVERAGE</priority>
<dependencies>
<dependency>
<name>SSL certificate on {HOSTNAME} expires in less than 7 days ({ITEM.VALUE} days remaining)</name>
<expression>{Template SSL Cert Check External:zext_ssl_cert.sh[-d,{HOST.CONN},{$SSL_PORT},{$SNI}].last(0)}&lt;7</expression>
</dependency>
</dependencies>
</trigger>
<trigger>
<expression>{last(0)}&lt;30</expression>
<name>SSL certificate on {HOSTNAME} expires in less than 30 days ({ITEM.VALUE} days remaining)</name>
<priority>WARNING</priority>
<dependencies>
<dependency>
<name>SSL certificate on {HOSTNAME} expires in less than 15 days ({ITEM.VALUE} days remaining)</name>
<expression>{Template SSL Cert Check External:zext_ssl_cert.sh[-d,{HOST.CONN},{$SSL_PORT},{$SNI}].last(0)}&lt;15</expression>
</dependency>
</dependencies>
</trigger>
<trigger>
<expression>{last(0)}&lt;60</expression>
<name>SSL certificate on {HOSTNAME} expires in less than 60 days ({ITEM.VALUE} days remaining)</name>
<priority>INFO</priority>
<dependencies>
<dependency>
<name>SSL certificate on {HOSTNAME} expires in less than 30 days ({ITEM.VALUE} days remaining)</name>
<expression>{Template SSL Cert Check External:zext_ssl_cert.sh[-d,{HOST.CONN},{$SSL_PORT},{$SNI}].last(0)}&lt;30</expression>
</dependency>
</dependencies>
</trigger>
<!-- NOTE(review): this is the only trigger without a priority element; presumably it is
     imported with the default severity. Confirm that is intended for the 90 day notice. -->
<trigger>
<expression>{last(0)}&lt;90</expression>
<name>SSL certificate on {HOSTNAME} expires in less than 90 days ({ITEM.VALUE} days remaining)</name>
<dependencies>
<dependency>
<name>SSL certificate on {HOSTNAME} expires in less than 60 days ({ITEM.VALUE} days remaining)</name>
<expression>{Template SSL Cert Check External:zext_ssl_cert.sh[-d,{HOST.CONN},{$SSL_PORT},{$SNI}].last(0)}&lt;60</expression>
</dependency>
</dependencies>
</trigger>
</triggers>
</item>
<!-- Item 3: issuer of the certificate as text, from zext_ssl_cert.sh called with the -i switch.
     History and trends are both set to 0 and no trigger is attached.
     NOTE(review): the text comes from the certificate the remote server presents, so treat
     it as untrusted input wherever it is displayed or forwarded. -->
<item>
<name>SSL certificate issuer</name>
<type>EXTERNAL</type>
<key>zext_ssl_cert.sh[-i,{HOST.CONN},{$SSL_PORT},{$SNI}]</key>
<delay>21600</delay>
<history>0</history>
<trends>0</trends>
<value_type>TEXT</value_type>
<applications>
<application>
<name>SSL certificate</name>
</application>
</applications>
</item>
</items>
<!-- Template macros. {$SNI} is exported without a value; zext_ssl_cert.sh on this page
     uses the host address as the server name when its sni argument is empty.
     {$SSL_PORT} defaults to 443. Both are expected to be overridden per host where needed. -->
<macros>
<macro>
<macro>{$SNI}</macro>
</macro>
<macro>
<macro>{$SSL_PORT}</macro>
<value>443</value>
</macro>
</macros>
</template>
</templates>
<!-- Graph plotting the days-remaining item of the template. -->
<graphs>
<graph>
<name>SSL Certificate valid days</name>
<graph_items>
<graph_item>
<color>BB00BB</color>
<item>
<host>Template SSL Cert Check External</host>
<key>zext_ssl_cert.sh[-d,{HOST.CONN},{$SSL_PORT},{$SNI}]</key>
</item>
</graph_item>
</graph_items>
</graph>
</graphs>
<!-- Value map used by the HTTPS reachability item: 0 is shown as Down, 1 as Up. -->
<value_maps>
<value_map>
<name>Service state</name>
<mappings>
<mapping>
<value>0</value>
<newvalue>Down</newvalue>
</mapping>
<mapping>
<value>1</value>
<newvalue>Up</newvalue>
</mapping>
</mappings>
</value_map>
</value_maps>
</zabbix_export>
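#! /bin/sh
#------------------------------------------------------------
# zext_ssl_cert.sh
# Prints either the number of days until a server's TLS certificate expires
# (-d) or the CN of the certificate's issuer (-i), depending on the switch
# passed on the command line.
#
# Arguments: switch hostname port [sni] [proto]
#   hostname  address openssl connects to
#   port      TCP port openssl connects to
#   sni       optional server name sent in the handshake; defaults to hostname
#   proto     optional protocol name handed to "openssl s_client -starttls"
#
#Based on script from aperto.fr (http://aperto.fr/cms/en/blog/15-blog-en/15-ssl-certificate-expiration-monitoring-with-zabbix.html)
#with additions by [email protected]
#
# Notes for operators:
# - s_client is run without any verification option, so the output describes
#   whatever certificate the peer presents; it says nothing about whether the
#   chain or the host name is valid.
# - Nothing is printed when no certificate could be read, so the monitoring
#   side should alert on missing data as well as on low values.
# - Requires openssl, sed, bc and a date that understands --date (GNU date).
#------------------------------------------------------------
DEBUG=0
if [ $DEBUG -gt 0 ]
then
    # NOTE(review): fixed file name in a world-writable directory; if debugging
    # is ever enabled on a shared host, point this at a directory only the
    # monitoring user can write to.
    exec 2>>/tmp/my.log
    set -x
fi

f=$1
host=$2
port=$3
sni=$4
proto=$5

# Fall back to the connection address when no SNI name was supplied.
if [ -z "$sni" ]
then
    servername=$host
else
    servername=$sni
fi

# Print the text form of the first certificate the server sends.
# Every argument is quoted so that a macro value containing spaces or glob
# characters stays a single argument; -starttls and its value are only added
# when a protocol was given.
read_cert_text() {
    openssl s_client -servername "$servername" -host "$host" -port "$port" \
        -showcerts ${proto:+-starttls} ${proto:+"$proto"} -prexit </dev/null 2>/dev/null |
        sed -n '/BEGIN CERTIFICATE/,/END CERT/p' |
        openssl x509 -text 2>/dev/null
}

case $f in
-d)
    end_date=$(read_cert_text | sed -n 's/ *Not After : *//p')
    if [ -n "$end_date" ]
    then
        end_date_seconds=$(date '+%s' --date "$end_date")
        now_seconds=$(date '+%s')
        # Skip the calculation when date could not parse the expiry string;
        # otherwise bc would be fed "(-now)" and report a large negative value.
        if [ -n "$end_date_seconds" ]
        then
            # Whole days, rounded down. bc truncates toward zero, which would
            # report 0 for a certificate that expired less than a day ago, so
            # negative differences are shifted to make the division floor.
            printf 'd = %s - %s\nif (d < 0) d = d - 86399\nd / 86400\n' \
                "$end_date_seconds" "$now_seconds" | bc
        fi
    fi
    ;;
-i)
    issue_dn=$(read_cert_text | sed -n 's/ *Issuer: *//p')
    if [ -n "$issue_dn" ]
    then
        # The issuer string comes from the remote certificate: keep it quoted
        # so the shell never splits or glob-expands it. The pattern accepts
        # both "CN=name" and the "CN = name" form newer openssl prints.
        issuer=$(printf '%s\n' "$issue_dn" | sed -n 's/.*CN *= *//p')
        printf '%s\n' "$issuer"
    fi
    ;;
*)
    echo "usage: $0 [-i|-d] hostname port sni"
    echo " -i Show Issuer"
    echo " -d Show valid days remaining"
    ;;
esac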
@emnavarro02
Author

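  1. Save the .sh file as zext_ssl_cert.sh in /usr/lib/zabbix/externalscripts (or whichever directory the server's ExternalScripts setting points to). Make it executable for the user that runs the Zabbix server, and writable only by root, since the server executes it on every check.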
  2. Import the template
  3. Associate the template with a host object
