This a guide on howto deploy and configure this template for SSL expiration check and grading SSL certificate deployment.
Monitoring:
- Running HTTPS service (port)
- Certificate issuer
- Certificate expiration
- Certificate installation grade with SSL Labs API.
The following steps need to be performed on all zabbix servers (or proxy servers respectively).
CentOS, RHEL
yum install zabbix-sender
Debian, Ubuntu
apt-get install zabbix-sender
Clone the repository
cd /tmp
git clone https://github.com/hermanekt/Zabbix-ssl-certificate-check-with-grade.git
Copy scripts to their respective locations
cp /tmp/Zabbix-ssl-certificate-check-with-grade/ssllabs_checker.sh /usr/lib/zabbix/externalscripts
cp /tmp/Zabbix-ssl-certificate-check-with-grade/ssllabs_checker_at.sh /usr/lib/zabbix/externalscripts
cp /tmp/Zabbix-ssl-certificate-check-with-grade/zext_ssl_expiry.sh /usr/lib/zabbix/externalscripts
cp /tmp/Zabbix-ssl-certificate-check-with-grade/zext_ssl_issuer.sh /usr/lib/zabbix/externalscripts
Set an execution bit
chmod +x zext_ssl_*
chmod +x ssllabs_checker*
Here you have 2 options - either to use the precompiled package I've provided, or you can build your own package from scratch.
1) Copy the package
cp /tmp/Zabbix-ssl-certificate-check-with-grade/ssllabs-scan /usr/lib/zabbix/externalscripts
chmod +x /usr/lib/zabbix/externalscripts/ssllabs-scan
1) Install GOlang
CentOS, RHEL
yum install golang
Debian, Ubuntu
apt-get install golang
2) Build sslabs-scan package
cd /tmp
git clone https://github.com/ssllabs/ssllabs-scan/
cd ssllabs-scan/
go build
mv /tmp/ssllabs-scan/ssllabs-scan /usr/lib/zabbix/externalscripts/
cd && rm -rf /tmp/ssllabs-scan/
rm -rf /tmp/Zabbix-ssl-certificate-check-with-grade
File: Template_SSL_Certificates.xml
Dummy host with hostname is URL name for example https://www.google.com/ hostname is: www.google.com