diff --git a/sslcertificates/agents/plugins/sslcertificates b/sslcertificates/agents/plugins/sslcertificates
index 4d3a0442..6fdad1f3 100755
--- a/sslcertificates/agents/plugins/sslcertificates
+++ b/sslcertificates/agents/plugins/sslcertificates
@@ -36,22 +36,23 @@ get_cert_info() { certfile="$1" single="$2" if [ -f "$certfile" -a -r "$certfile" -a \( ! -L "$certfile" -o "$single" \) ] && ! [[ $certfile =~ .*~$ ]] && ! [[ $certfile =~ .*_CA.crt$ ]] && ! [[ $certfile =~ .*/ca-certificates.crt$ ]]; then - inform='DER' - if grep -q -- '-----BEGIN CERTIFICATE-----' "$certfile"; then - inform='PEM' - fi + inform='DER' + if grep -q -- '-----BEGIN CERTIFICATE-----' "$certfile"; then + inform='PEM' + fi - cert_subject=$($OPENSSL x509 -inform $inform -noout -subject -nameopt utf8 -in "$certfile" 2> /dev/null) || return - cert_subject=$(cut -d "=" -f 2- <<<"$cert_subject" | sed -e 's/"/\\"/g') + cert_subject=$($OPENSSL x509 -inform $inform -noout -subject -nameopt utf8 -in "$certfile" 2> /dev/null) || return + cert_subject=$(cut -d "=" -f 2- <<<"$cert_subject" | sed -e 's/"/\\"/g') if ! grep -q '@snakeoil.dom' <<<"$cert_subject"; then - cert_startdate=$($OPENSSL x509 -inform $inform -noout -startdate -in "$certfile" | cut -d "=" -f 2 ) - cert_startdate_epoch=$(date --date "$cert_startdate" '+%s') + cert_startdate=$($OPENSSL x509 -inform $inform -noout -startdate -in "$certfile" | cut -d "=" -f 2 ) + cert_startdate_epoch=$(date --date "$cert_startdate" '+%s') cert_enddate=$($OPENSSL x509 -inform $inform -noout -enddate -in "$certfile" | cut -d "=" -f 2 ) cert_enddate_epoch=$(date --date "$cert_enddate" '+%s') cert_algosign=$($OPENSSL x509 -inform $inform -noout -text -in "$certfile" | awk '/Signature Algorithm: / { print $3; exit;}' ) cert_issuer_hash=$($OPENSSL x509 -inform $inform -noout -issuer_hash -in "$certfile" ) + cert_issuer=$($OPENSSL x509 -inform $inform -noout -issuer -in "$certfile" | sed -e 's/ = /=/g' -e 's/, /,/g' -e 's/issuer=//') - echo "{\"file\": \"$certfile\", \"starts\": $cert_startdate_epoch, \"expires\": $cert_enddate_epoch, \"algosign\": \"$cert_algosign\", \"issuer_hash\": \"$cert_issuer_hash\", \"subj\": \"$cert_subject\"}" + echo "{\"file\": \"$certfile\", \"starts\": 
$cert_startdate_epoch, \"expires\": $cert_enddate_epoch, \"algosign\": \"$cert_algosign\", \"issuer_hash\": \"$cert_issuer_hash\", \"issuer\": \"$cert_issuer\", \"subj\": \"$cert_subject\"}" fi fi } @@ -61,10 +62,10 @@ echo '<<>>' for dir in $CERT_DIRS; do if [ -d "$dir" ]; then for certfile in "$dir"/*; do - get_cert_info "$certfile" + get_cert_info "$certfile" done else - get_cert_info "$dir" 1 + get_cert_info "$dir" 1 fi done diff --git a/sslcertificates/agents/windows/plugins/sslcertificates.ps1 b/sslcertificates/agents/windows/plugins/sslcertificates.ps1 index 900aa0a3..3966737c 100755 --- a/sslcertificates/agents/windows/plugins/sslcertificates.ps1 +++ b/sslcertificates/agents/windows/plugins/sslcertificates.ps1 @@ -10,11 +10,17 @@ foreach ($CertLocation in $CertLocations) { ElseIf ($_.Subject) {$subject = $_.Subject} Else {$subject = $_.Thumbprint} + # Reverse issuer, so it starts with e.g. C=US to match the output of the Linux agent. + $issuer = $_.Issuer -split ',' | ForEach-Object { $_.Trim() } + [array]::Reverse($issuer) + $issuer = $issuer -join ',' + $data = [ordered]@{ starts = (New-TimeSpan -Start $UnixEpoch -End $_.NotBefore).TotalSeconds ; expires = (New-TimeSpan -Start $UnixEpoch -End $_.NotAfter).TotalSeconds ; subj = $subject.Unicode ; thumb = $_.Thumbprint ; + issuer = $issuer ; algosign = $_.SignatureAlgorithm.FriendlyName ; } diff --git a/sslcertificates/lib/check_mk/base/plugins/agent_based/sslcertificates.py b/sslcertificates/lib/check_mk/base/plugins/agent_based/sslcertificates.py index c86214a1..116ecd48 100644 --- a/sslcertificates/lib/check_mk/base/plugins/agent_based/sslcertificates.py +++ b/sslcertificates/lib/check_mk/base/plugins/agent_based/sslcertificates.py 
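Review bot: The new `cert_issuer` value is placed into the hand-built JSON on the `echo` line without any escaping, whereas `cert_subject` at least has its double quotes escaped by `sed -e 's/"/\\"/g'`. The issuer DN is whatever the certificate file contains, so a `"` or a backslash in it yields a line the server-side parser rejects or reads with different keys than intended. The issuer call also omits the `-nameopt utf8` that the subject call uses, so OpenSSL may emit backslash escapes for non-ASCII characters. I would append `-e 's/\\/\\\\/g' -e 's/"/\\"/g'` to the issuer `sed` chain, backslashes first. get_cert_info starts above this hunk.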
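Review bot: `$_.Issuer -split ','` also splits on commas that are part of an RDN value (Windows renders such values quoted, for example an organisation name containing a comma), so the reversed string can come out scrambled for those certificates. The attribute spelling and separators may also differ from what the Linux agent produces after its `sed` normalisation, so matching labels across platforms is an assumption worth testing on the same certificate. At minimum the comment should state the limitation, e.g. `# NOTE: naive split on ','; issuers with a comma inside a quoted value are not handled`. The enclosing foreach block starts and ends outside this hunk.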
@@ -72,6 +72,8 @@ def discover_sslcertificates(params, section):
 sl = []
 if data.get('issuer_hash'):
 sl.append(ServiceLabel(u'sslcertificates/issuer_hash', data['issuer_hash']))
+ if data.get('issuer'):
+ sl.append(ServiceLabel(u'sslcertificates/issuer', data['issuer']))
 if data.get('algosign'):
 sl.append(ServiceLabel(u'sslcertificates/algorithm', data['algosign']))
 yield Service(item=name, labels=sl)
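Review bot: `data['issuer']` becomes a service label value exactly as the agent reported it, and nothing here says what format that string has. It is certificate-controlled text of arbitrary length, and the Linux and Windows agents build it differently, so rules matching on `sslcertificates/issuer` depend on an undocumented format. I would add a comment above the new `if`, e.g. `# issuer: full DN string as sent by the agent (format differs per agent); not validated here`, and consider trimming it with `data['issuer'].strip()`. The rest of discover_sslcertificates lies outside this hunk.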