{"id":15638495,"url":"https://github.com/jaymzh/check_x509","last_synced_at":"2025-10-06T07:54:12.939Z","repository":{"id":142270886,"uuid":"203046610","full_name":"jaymzh/check_x509","owner":"jaymzh","description":"A healthcheck script for certificates","archived":false,"fork":false,"pushed_at":"2023-04-03T07:29:20.000Z","size":19,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-10-06T07:54:09.502Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Perl","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jaymzh.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-08-18T19:18:11.000Z","updated_at":"2023-04-03T07:30:42.000Z","dependencies_parsed_at":null,"dependency_job_id":"76c81d3a-967a-4121-8d40-3d341c5f79cf","html_url":"https://github.com/jaymzh/check_x509","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/jaymzh/check_x509","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jaymzh%2Fcheck_x509","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jaymzh%2Fcheck_x509/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jaymzh%2Fcheck_x509/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jaymzh%2Fcheck_x509/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jaymzh","download_url":"https://codeload.github.com/jaymzh/check_x509/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jaymzh%2Fcheck_x509/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278577932,"owners_count":26009701,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-06T02:00:05.630Z","response_time":65,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-03T11:21:46.779Z","updated_at":"2025-10-06T07:54:12.924Z","avatar_url":"https://github.com/jaymzh.png","language":"Perl","funding_links":[],"categories":[],"sub_categories":[],"readme":"# check_x509\n\n`check_x509` is a script to check the validity of various x509 entities.\nCurrently it checks certificates and CRLs for expiration. In the future it'll\nlikely check for valid CA signatures and other things.\n\n`check_x509` was written to fit in well with nagios/nrpe and similar monitoring\ninfrastructures, but also to be an easy-to-use command line utility for\nchecking x509 entities as well as for easy use in cron or other scripts.\n\n## Usage\nYour best bet is to read the POD documentation and the --help option, but the\nsimple invocations are:\n\n```\ncheck_x509 --certificate /path/to/cert.crt --cert-form PEM --warn 4w \\\n  --crit 2w -v\n```\n\nNotice the `-v` option. It's the most useful way to run it interactively, but is\ntoo noisy when being used as a plugin to something like Nagios. Another\nexample would be:\n\n```\ncheck_x509 --crl /path/to/crl.crt --crl-form DER --warn 4w --crit 2w -v\n```\n\nTo check a CRL instead of a certificate.\n\n`check_x509` also supports bundles of PEM-encoded certificates or CRLs.\n\n## Config file\n`check_x509`'s configuration file is YAML. I find YAML to be great for config\nfiles because it's a natural way to represent arbitrary hierarchical data. It\ndoes take a few minutes to get used to, but the quick version is:\n\n* key-values are:\n```\nfoo: var\n```\n\n* arrays are:\n```\n- foo\n- var\n```\n\n* hashes are:\n```\nsomething:\n  foo: bar\n  baz: bat\n```\n\nAs you can see, nesting is trivial. If you don't understand, don't worry,\nis a complete example config file included in the distribution to help you.\n\n`check_x509` attempts to be a one-stop shop for checking all X509 entities on a\nbox in one step (if you want it to be). In order to do that right, that means\n`check_x509` supports per-entity thresholds.\n\n## A note on bundles\n`check_x509` handles bundles of both certificates and CRLs. This is useful for\nbundles that apache, openssl, or other software may need. When handling this,\n`check_x509` will check each entity in the bundle and report on the bundle as a\nwhole. In verbose mode, the expiration for each object in the bundle will be\nprinted, but only the most sever status is actually used.\n\n- Phil Dibowitz \u003cphil@ipom.com\u003e\nhttp://www.phildev.net/check_x509/\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjaymzh%2Fcheck_x509","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjaymzh%2Fcheck_x509","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjaymzh%2Fcheck_x509/lists"}