Forum Discussion
wsanders_233261
Apr 30, 2018Nimbostratus
I find the Nagios check_http plugin to be the easiest and most reliable way of doing it. You can grovel through the output of openssl s_client also but the output from each cert and each version of openssl may be just a little bit different. You also get advance notice of certificate expiration; presumably you might find it helpful in advance so you can renew before it expires.
Like jaikumar said the F5 http monitor can't do this by itself. You could fashion a test cgi page in your http server to return an HTTP status based on the certificate validity but that's overthinking it, but that would be too much work for me. AFAIK the F5 ignores the validity of the SSL cert on the inside, as long as it exists.