diff --git a/doc/10-icinga-template-library.md b/doc/10-icinga-template-library.md index cb993e279..96c2983ae 100644 --- a/doc/10-icinga-template-library.md +++ b/doc/10-icinga-template-library.md @@ -4832,17 +4832,21 @@ ssl_cert_file | **Optional.** Local file path. Works only if `ss ssl_cert_warn | **Optional.** Minimum number of days a certificate has to be valid. ssl_cert_critical | **Optional.** Minimum number of days a certificate has to be valid to issue a critical status. ssl_cert_cn | **Optional.** Pattern to match the CN of the certificate. +ssl_cert_altnames | **Optional.** Matches the pattern specified in -n with alternate ssl_cert_issuer | **Optional.** Pattern to match the issuer of the certificate. ssl_cert_org | **Optional.** Pattern to match the organization of the certificate. ssl_cert_email | **Optional.** Pattern to match the email address contained in the certificate. ssl_cert_serial | **Optional.** Pattern to match the serial number. +ssl_cert_noauth | **Optional.** Ignore authority warnings (expiration only) ssl_cert_match_host | **Optional.** Match CN with the host name. ssl_cert_selfsigned | **Optional.** Allow self-signed certificate. ssl_cert_sni | **Optional.** Sets the TLS SNI (Server Name Indication) extension. -ssl_cert_timeout | **Optional.** Seconds before connection times out (default: 10) +ssl_cert_timeout | **Optional.** Seconds before connection times out (default: 15) ssl_cert_protocol | **Optional.** Use the specific protocol {http,smtp,pop3,imap,ftp,xmpp,irc,ldap} (default: http). ssl_cert_clientcert | **Optional.** Use client certificate to authenticate. ssl_cert_clientpass | **Optional.** Set passphrase for client certificate. +ssl_cert_ssllabs | **Optional.** SSL Labs assestment +ssl_cert_ssllabs_nocache | **Optional.** Forces a new check by SSL Labs ssl_cert_rootcert | **Optional.** Root certificate or directory to be used for certficate validation. ssl_cert_ignore_signature | **Optional.** Do not check if the certificate was signed with SHA1 od MD5. ssl_cert_ssl_version | **Optional.** Force specific SSL version out of {ssl2,ssl3,tls1,tls1_1,tls1_2}. diff --git a/itl/plugins-contrib.d/web.conf b/itl/plugins-contrib.d/web.conf index 7d58b1b23..cd553e4a7 100644 --- a/itl/plugins-contrib.d/web.conf +++ b/itl/plugins-contrib.d/web.conf @@ -397,6 +397,10 @@ object CheckCommand "ssl_cert" { value = "$ssl_cert_cn$" description = "Pattern to match the CN of the certificate" } + "--altnames" = { + set_if = "$ssl_cert_altnames$" + description = "Matches the pattern specified in -n with alternate" + } "-i" = { value = "$ssl_cert_issuer$" description = "Pattern to match the issuer of the certificate" @@ -417,6 +421,10 @@ object CheckCommand "ssl_cert" { value = "$ssl_cert_serial$" description = "Pattern to match the serial number" } + "-A" = { + set_if = "$ssl_cert_noauth$" + description = "Ignore authority warnings (expiration only)" + } "-s" = { set_if = "$ssl_cert_selfsigned$" description = "Allow self-signed certificate" @@ -427,7 +435,7 @@ object CheckCommand "ssl_cert" { } "-t" = { value = "$ssl_cert_timeout$" - description = "Seconds before connection times out (default: 10)" + description = "Seconds before connection times out (default: 15)" } "-P" = { value = "$ssl_cert_protocol$" @@ -441,6 +449,14 @@ object CheckCommand "ssl_cert" { value = "$ssl_cert_clientpass$" description = "Set passphrase for client certificate" } + "-L" = { + value = "$ssl_cert_ssllabs$" + description = "SSL Labs assestment" + } + "--ignore-ssl-labs-cache" = { + set_if = "$ssl_cert_ssllabs_nocache$ + description = "Forces a new check by SSL Labs" + } "-r" = { value = "$ssl_cert_rootssl_cert$" description = "Root certificate or directory to be used for certificate validation" @@ -544,6 +560,5 @@ object CheckCommand "ssl_cert" { vars.ssl_cert_address = "$check_address$" vars.ssl_cert_port = 443 - vars.ssl_cert_timeout = 10 }