Rephrased question: (Not sure it's really clearer)
I have a small self written script, that monitors multiple servers.
In fact my script just starts periodically tiny smalls scripts and gathers the output.
At the moment it starts two per server I want to monitor (one server_is_up script and one server_cert_expires_within_x_days script)
So it obtains following information
- whether an http (nginx) server is up. (try to get favicon.ico via http(s))
- the expiration date of an http server's cert (establish an SSL connection, receive the cert and parse it)
Now I have some nginx servers with client certificate authentication and the CRL files are stored on the nginx server.
What would be the best way to write a script, that tells me whether an nginx servers CRL are exiring within x days.
Is there an easy way to remotely obtain the CRL's expiration date?
I could of course install a cronjob on each server that runs openssl, extracts the expiration date and saves it in a file and my 'monitoring script' just calls a script to perform an http request to retrieve the file generated by latter cron job.
What I wanted to know whether there is any more 'elegant' way of checking the expiration dates of a server's CRLs.
How for example are professional monitoring tools doing this? Is there something built into nginx that makes this task easy?
How do others monitor, that their CRLs are updated as they should?
0 Answers