FXG
New Contributor

Check captive portal certificate expiration

Hello everyone,

 

I use Aruba Instant to provide guest access. I would like to monitor the expiration date of the captive portal certificate used by the splash page.

What would be my best option? We use Nagios at our company and I thought about creating a script that connects via SSH to the Instant and runs the command "show cert all".

Is there a better way to do this?

Btw, we don't have ClearPass.

 

Thanks for your help.

MVP Guru

Re: Check captive portal certificate expiration

You can use the standard Nagios http check to check the certificate validity. This is what I put in my plugin config:

define command{
        command_name    check_ssl_cert
        command_line    /usr/lib/nagios/plugins/check_http -H $HOSTADDRESS$ -C 30,14
}

define command{
        command_name    check_vhost_cert
        command_line    /usr/lib/nagios/plugins/check_http -H $ARG1$ -C 30,14 --ssl --sni
}

And this as service checks:

define service{
        use                             low-service         ; Name of service template to use
        host_name                       your.host.name
        service_description             SSL Certificate
        check_command                   check_ssl_cert
       }

define service{
        use                             low-service         ; Name of service template to use
        host_name                       your.host.name
        service_description             SSL Certificate - dl.arubalab.com
        check_command                   check_vhost_cert!dl.arubalab.com
       }

You can use the simple version to check the certificate on your Instant AP as well by just checking on port 443 (default).

 

I use that check on all my certificates and it has proven very useful. The vhost example is in there for reference only; for the Instant AP there is just a single certificate and the check_ssl_cert should work fine.

 

If I remember correctly, your Nagios should be somewhat recent. You can test it by running the check_http manually:

% /usr/lib/nagios/plugins/check_http -H 192.168.32.15 -C 30,14
OK - Certificate 'captiveportal.arubalab.com' will expire on Wed 24 Jul 2020 08:44:07 AM GMT +0000.
--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
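
For a check that also fails when the certificate chain or host name does not validate, the script below applies the same 30/14-day thresholds as `-C 30,14` and returns standard Nagios exit codes. It is an added example, not code from this thread or from Aruba; the script name `check_portal_cert.py` is hypothetical, and it assumes the captive portal certificate is issued by a CA that the monitoring host trusts.

```python
#!/usr/bin/env python3
"""Nagios-style certificate expiry check (added example, constructed)."""
import socket
import ssl
import sys
import time

OK, WARNING, CRITICAL = 0, 1, 2  # standard Nagios plugin exit codes


def classify(not_after, warn_days=30, crit_days=14, now=None):
    """Map a certificate notAfter string to (exit_code, message)."""
    now = time.time() if now is None else now
    # notAfter uses the format returned by SSLSocket.getpeercert(),
    # e.g. "Jul 24 08:44:07 2020 GMT".
    days_left = int((ssl.cert_time_to_seconds(not_after) - now) // 86400)
    if days_left < 0:
        return CRITICAL, f"CRITICAL - certificate expired on {not_after}"
    if days_left < crit_days:
        return CRITICAL, f"CRITICAL - {days_left} days left (expires {not_after})"
    if days_left < warn_days:
        return WARNING, f"WARNING - {days_left} days left (expires {not_after})"
    return OK, f"OK - {days_left} days left (expires {not_after})"


def check(address, cert_name, port=443, timeout=10):
    """Connect to address, send cert_name as SNI, and classify the certificate."""
    ctx = ssl.create_default_context()  # validates chain and host name
    try:
        with socket.create_connection((address, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=cert_name) as tls:
                return classify(tls.getpeercert()["notAfter"])
    except ssl.SSLCertVerificationError as exc:
        # An expired or untrusted certificate fails the handshake itself.
        return CRITICAL, f"CRITICAL - certificate rejected: {exc.verify_message}"
    except OSError as exc:
        return CRITICAL, f"CRITICAL - cannot connect to {address}:{port}: {exc}"


if __name__ == "__main__":
    # Usage: check_portal_cert.py <AP address> <certificate host name>
    code, message = check(sys.argv[1], sys.argv[2])
    print(message)
    sys.exit(code)
```

Passing the AP address and the certificate name separately lets the check reach the AP by IP while still validating the name on the certificate.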