I’m using 2.0.0p17 (CRE) and was wondering if it’s possible to monitor certificate’s validity and expiry date for the following services:
SMTPS / STARTTLS TCP port 25
IMAPS TCP port 993
I’ve tried following this guide: How to Monitor SSL/TLS Certificates with Checkmk but the recipe only seems to be working for web services.
As far as I can see you can check expiration date with rule :
Check SMTP service access
The rule Check IMAP Mailboxes check doesn’t have this option.
For IMAP, you can use the ruleset Setup > Services > HTTP, TCP, Email, … > Check TCP port connection with something like:
| TCP Port: | 993 |
|---|---|
| Service description: | IMAP connection |
| State for connection refusal: | CRITICAL |
| Strings to expect in response: | * OK, Dovecot (Debian) ready. |
| Expect all of those strings in the response: | expect all |
| State for expected string mismatch: | CRITICAL |
| Use SSL for the connection.: | use SSL |
| SSL certificate validation: | 28 days, 0 days |
| Final string to send: | 0 LOGOUT |
Hello,
for STARTLS you can use the following:
“Check SMTP service access”. Then don’t forget to check the “Minimum Certificat Age” and you are done.
Greetings Felix
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.