itl/ssl_cert: Add --ignore-maximum-validity option (#10396)

* Update web.conf - Include "--ignore-maximum-validity" * Update 10-icinga-template-library.md * Update 10-icinga-template-library.md * Update 10-icinga-template-library.md
2025-07-23 13:45:04 +02:00 · 2025-04-08 09:18:38 +02:00 · 2025-04-08 09:18:38 +02:00 · 8ab859d828
commit 8ab859d828
parent 9ecf7714e3
2 changed files with 41 additions and 36 deletions
--- a/doc/10-icinga-template-library.md
+++ b/doc/10-icinga-template-library.md
@ -5964,6 +5964,7 @@ ssl_cert_file                 | **Optional.** Local file path. Works only if `ss
 ssl_cert_warn                           | **Optional.** Minimum number of days a certificate has to be valid.
 ssl_cert_critical                       | **Optional.** Minimum number of days a certificate has to be valid to issue a critical status.
 ssl_cert_maximum_validity               | **Optional.** Maximum number of days a certificate is allowed to be valid (default: 397)
+ssl_cert_ignore_maximum_validity        | **Optional.** Ignore the certificate maximum validity
 ssl_cert_cn                             | **Optional.** Pattern to match the CN or AltName of the certificate.
 ssl_cert_issuer                         | **Optional.** Pattern to match the issuer of the certificate.
 ssl_cert_org                            | **Optional.** Pattern to match the organization of the certificate.
--- a/itl/plugins-contrib.d/web.conf
+++ b/itl/plugins-contrib.d/web.conf
@ -587,6 +587,10 @@ object CheckCommand "ssl_cert" {
 			description = "verify that valid DANE records exist (since OpenSSL 1.1.0)"
 			repeat_key = false
 		}
+		"--ignore-maximum-validity" = {
+			description = "Ignore the certificate maximum validity"
+			set_if = "$ssl_cert_ignore_maximum_validity$"
+                }

 	}