A few years ago, Rod Ormon asked the following question in the OpenNMS Discuss mailing list:
I have been using the user-contributed monitor that checks SSL Certificates to see if they are expired - so far it works great. See:
I have only been using it to monitor externally signed certs (VeriSign, etc.) but now I have a number of servers with locally self-signed certs to check. The monitor doesn’t work for these certs.
Has anyone been using this SSLCertMonitor? Have you been able to get it to use an “insecure” connection so it can just check the cert expiry date?
I have a very similar question, and when searching, found Rods question, however, there was no response at the time, so I’m asking the question again.
How do I monitor an SSL cert for Expiry only while ignoring domain name mismatches or other issues with the certificate? My monitoring server is on the wrong side of the firewall so is testing external websites from an internal address so there is a name mismatch, or it is an internal site with a selfsigned certificate, and all I care about is the expiry date.