Netgate Discussion Forum

Monitor OpenVPN Certificate expiration dates

  • Z
    zleeper
    last edited by Jan 9, 2014, 10:45 AM

    Hi All,

    I'm trying to find info on how to check, in the CLI, the expiration date of the OpenVPN certificates so that I can do a simple plugin for Nagios to alert me when there is only 1 week left on the cert.

    Or do I need to use the UI to fetch this info?

    • J
      jimp Rebel Alliance Developer Netgate
      last edited by Jan 9, 2014, 3:54 PM

      The user certificates are not stored on the filesystem in an easily readable format. They are kept in the config.xml but they are base64 encoded there.

      If the CA and server certificates are in use by OpenVPN or IPsec they can be found in /var/etc/openvpn/ or /var/etc/ipsec/ with the name varying depending on the exact instance and its usage.

      Otherwise you'll need something to loop through the certs in the config, decode them, and check the dates. Not terribly difficult but not something we have a command-line script for at the moment.

      • Z
        zleeper
        last edited by Jan 9, 2014, 4:49 PM

        sweet, thx!! made my day :)

        • H
          hablutzel1
          last edited by Dec 12, 2020, 5:50 PM

          You can monitor the OpenVPN server certificate with the following Nagios plugin, https://github.com/matteocorti/check_ssl_cert, using a command like the following:

          check_ssl_cert -H localhost -f /etc/openvpn/server/server.crt -w 15 -c 7
          

          Just note that you will need to send a passive check result to Nagios, as the check is being performed on the OpenVPN server itself.

          • A
            apfelpom @hablutzel1
            last edited by Mar 16, 2021, 1:00 PM

            We also needed to check the expiration date of pfSense certificates; my colleague wrote a Check_MK plug-in: https://github.com/ThomasKaiser/Check_MK/blob/master/agents/plugins/pfsense-certificate-expiration.sh
