Checking Microsoft SQL Encryption in Transit TLS Cert expiration

[jax7778]

Hello!

I have been trying to use the check_ssl_cert plugin to check the expiration dates on our MS SQL encryption in Transit certs, but I am not having an luck so far. We are in the process of moving all of our MS SQL environments to encryption in transit and I would love to use Nagios to monitor the certs. We are using an Internal CA cert, and we have verified that the encryption in transit is fully functional,(packets are being encrypted, and clients can connect) but I can't get Nagios to check it.

Here is an example just running from the command line basic arguments. I have included the results with the server FQDN replaced:

check_ssl_cert -H fqdn.domain.local -p 1433
SSL_CERT CRITICAL fqdn.domain.local: SSL error: 139726949517200:
error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:Error(s):
SSL_CERT CRITICAL fqdn.domain.local: No certificate returnedSSL_CERT CRITICAL fqdn.domain.local: 
SSL error: 139726949517200:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:

It was recommended on another forum to try to connect with the openssl s_client, so i attempted that as well, here is the output, again with the FQDN replaced:

openssl s_client -connect fqdn.domain.local:1433
CONNECTED(00000003)
140127202801552:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 289 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1664920458
Timeout : 300 (sec)
Verify return code: 0 (ok)

Any help is greatly appreciated. Thanks in advance.

[matteocorti]

You are trying an HTTPS handshake on port 1433 of an SQL server, but the used protocol is another one (I am not an MS SQL user and don't know the details).

Next week I might be able to access an MS SQL server and see if I can implement it.

[jax7778]

Thank you for the response, and the offer, I tried every protocol offered with no luck, I thought that might be the case. If you cannot support it I understand, I am just trying to find some way to monitor this.

[matteocorti]

What happens with

openssl s_client -connect fqdn.domain.local:1433 -msg -showcerts -verify 6

?

[jax7778]

That gives the following output:

verify depth is 6
CONNECTED(00000003)
>>> TLS 1.2  [length 0005]
    16 03 01 01 1c
>>> TLS 1.2 Handshake [length 011c], ClientHello
    01 00 01 18 03 03 d9 17 a0 e7 07 1b 5b 66 e4 20
    f2 5b eb e5 32 46 04 ba af 58 3e 46 7d a3 f8 69
    48 7d 33 4e 68 49 00 00 ac c0 30 c0 2c c0 28 c0
    24 c0 14 c0 0a 00 a5 00 a3 00 a1 00 9f 00 6b 00
    6a 00 69 00 68 00 39 00 38 00 37 00 36 00 88 00
    87 00 86 00 85 c0 32 c0 2e c0 2a c0 26 c0 0f c0
    05 00 9d 00 3d 00 35 00 84 c0 2f c0 2b c0 27 c0
    23 c0 13 c0 09 00 a4 00 a2 00 a0 00 9e 00 67 00
    40 00 3f 00 3e 00 33 00 32 00 31 00 30 00 9a 00
    99 00 98 00 97 00 45 00 44 00 43 00 42 c0 31 c0
    2d c0 29 c0 25 c0 0e c0 04 00 9c 00 3c 00 2f 00
    96 00 41 c0 12 c0 08 00 16 00 13 00 10 00 0d c0
    0d c0 03 00 0a 00 07 c0 11 c0 07 c0 0c c0 02 00
    05 00 04 00 ff 01 00 00 43 00 0b 00 04 03 00 01
    02 00 0a 00 0a 00 08 00 17 00 19 00 18 00 16 00
    23 00 00 00 0d 00 20 00 1e 06 01 06 02 06 03 05
    01 05 02 05 03 04 01 04 02 04 03 03 01 03 02 03
    03 02 01 02 02 02 03 00 0f 00 01 01
140340788336528:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 289 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1666042529
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)

[matteocorti]

I did some research, and it does not seem possible to connect using OpenSSL directly.

From Retrieve public server certificate key during handshake:

The problem/issue is the TDS (Tabular Data Stream) protocol used by Microsoft, which is an application layer protocol wrapping all layers and connections underneath. That means a driver has to implement this TDS protocol when connecting to Microsoft SQL server or Sybase (TDS was created by Sybase initially).

[matteocorti]

This could be a solution: https://gist.github.com/Scherlac/0f048eb8f2aab274a903dcda5acbd99f

But it would require

1. to run the Python script, save the certificate and then use the script to check the certificate file
2. to extend the script to run the Python code (but it seems an overkill)

[matteocorti]

Does not really work as expected. I am testing with a real certificate and only get:

Host                            localhost
Valid until                     Oct 13 01:44:35 2052 GMT
Valid from                      Oct 13 01:44:35 2022 GMT
Subject                         SSL_Self_Signed_Fallback
Serial Number                   3E2759062EA97AAA45D93299B98BD935
X.509 version                   3 (0x2)
Fingerprint                     sha1 3A:42:A7:3C:4A:7D:06:4A:8E:0A:64:95:7B:A4:EF:7C:EC:34:A9:03
Purpose
No revocation information
Signature algorithm             rsaEncryption (2048 bit)
No issuer URI
Issuers                         SSL_Self_Signed_Fallback
Email
Organization
Organizational unit
Country
State or province
Locality
Public key length               2048 bit

Which is not the real certificate.

[matteocorti]

I am still checking option 2): embed a small script to retrieve the certificate, but I didn't find anything working.

[matteocorti]

I have to give up… If you find a small script (in any language) I will be happy to try to integrate it.

[jax7778]

I will see what I can find, thanks so much for trying.

[matteocorti]

Never give up :-)

This works: https://gist.github.com/lnattrass/a4a91dbf439fc1719d69f7865c1b1791#file-get_tds_cert-py

[matteocorti]

corti@matteo tmp> python ./get_tds_cert.py HOST 1433 > cert
/home/corti/tmp/./get_tds_cert.py:72: DeprecationWarning: ssl.PROTOCOL_TLS is deprecated
  sslctx = ssl.SSLContext(sslProto)

corti@matteo tmp> ../git/check_ssl_cert/check_ssl_cert --file ./cert --ignore-sct --ignore-maximum-validity --info 
Host                            localhost
Valid until                     Jan 12 00:00:00 2024 GMT
Valid from                      Jan 26 19:55:51 2021 GMT
Subject                         HOST
Serial Number                   6800000044C206D35A584738FA000000000044
X.509 version                   3 (0x2)
Fingerprint                     sha1 23:59:6A:EE:6E:82:D6:E6:36:45:05:4B:2B:0F:64:2D:79:7D:15:17
Purpose                         Digital Signature, Key Encipherment
No revocation information
Signature algorithm             rsaEncryption (2048 bit)
Issuer URI                      http://pkiaia.ethz.ch/AIA/ETHZIssuingCA2020.crt
Issuers                         ETH Zurich ETHZ Issuing CA 2020
Subject Alternative Name        HOST
Subject Alternative Name        HOST
Email
Organization                    ETH Zurich
Organizational unit
Country                         CH, O=ETH Zurich
State or province
Locality
Public key length               2048 bit
SCT                             yes
SSL_CERT OK - localhost:443, https, x509 certificate 'HOST' from 'ETH Zurich' valid until Jan 12 00:00:00 2024 GMT (expires in 450 days)|days_chain_elem1=450;20;15;;

[matteocorti]

I just released a new version with a first implementation. Could you please test it?

[jax7778]

Sure, I will report back with the results. Thanks so much for doing this!

[jax7778]

I tested it via command line on and I got the following error. I apologize if I misunderstood and I need to run the python script first and import the cert? It looks like you can just specify the TDS protocol and the plugin will pull the script.

./check_ssl_cert -H fqdn.domain.local -p 1433 -P tds
  File "<stdin>", line 100
    print(peercert, end='')
                       ^
SyntaxError: invalid syntax
unable to load CRL
139677222758288:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:157:
openssl:Error: '' is an invalid command.

Standard commands
asn1parse         ca                ciphers           cms               
crl               crl2pkcs7         dgst              dh                
dhparam           dsa               dsaparam          ec                
ecparam           enc               engine            errstr            
gendh             gendsa            genpkey           genrsa            
nseq              ocsp              passwd            pkcs12            
pkcs7             pkcs8             pkey              pkeyparam         
pkeyutl           prime             rand              req               
rsa               rsautl            s_client          s_server          
s_time            sess_id           smime             speed             
spkac             ts                verify            version           
x509              

Message Digest commands (see the `dgst' command for more details)
md2               md4               md5               rmd160            
sha               sha1              

Cipher commands (see the `enc' command for more details)
aes-128-cbc       aes-128-ecb       aes-192-cbc       aes-192-ecb       
aes-256-cbc       aes-256-ecb       base64            bf                
bf-cbc            bf-cfb            bf-ecb            bf-ofb            
camellia-128-cbc  camellia-128-ecb  camellia-192-cbc  camellia-192-ecb  
camellia-256-cbc  camellia-256-ecb  cast              cast-cbc          
cast5-cbc         cast5-cfb         cast5-ecb         cast5-ofb         
des               des-cbc           des-cfb           des-ecb           
des-ede           des-ede-cbc       des-ede-cfb       des-ede-ofb       
des-ede3          des-ede3-cbc      des-ede3-cfb      des-ede3-ofb      
des-ofb           des3              desx              idea              
idea-cbc          idea-cfb          idea-ecb          idea-ofb          
rc2               rc2-40-cbc        rc2-64-cbc        rc2-cbc           
rc2-cfb           rc2-ecb           rc2-ofb           rc4               
rc4-40            rc5               rc5-cbc           rc5-cfb           
rc5-ecb           rc5-ofb           seed              seed-cbc          
seed-cfb          seed-ecb          seed-ofb          zlib              

openssl:Error: '' is an invalid command.

Standard commands
asn1parse         ca                ciphers           cms               
crl               crl2pkcs7         dgst              dh                
dhparam           dsa               dsaparam          ec                
ecparam           enc               engine            errstr            
gendh             gendsa            genpkey           genrsa            
nseq              ocsp              passwd            pkcs12            
pkcs7             pkcs8             pkey              pkeyparam         
pkeyutl           prime             rand              req               
rsa               rsautl            s_client          s_server          
s_time            sess_id           smime             speed             
spkac             ts                verify            version           
x509              

Message Digest commands (see the `dgst' command for more details)
md2               md4               md5               rmd160            
sha               sha1              

Cipher commands (see the `enc' command for more details)
aes-128-cbc       aes-128-ecb       aes-192-cbc       aes-192-ecb       
aes-256-cbc       aes-256-ecb       base64            bf                
bf-cbc            bf-cfb            bf-ecb            bf-ofb            
camellia-128-cbc  camellia-128-ecb  camellia-192-cbc  camellia-192-ecb  
camellia-256-cbc  camellia-256-ecb  cast              cast-cbc          
cast5-cbc         cast5-cfb         cast5-ecb         cast5-ofb         
des               des-cbc           des-cfb           des-ecb           
des-ede           des-ede-cbc       des-ede-cfb       des-ede-ofb       
des-ede3          des-ede3-cbc      des-ede3-cfb      des-ede3-ofb      
des-ofb           des3              desx              idea              
idea-cbc          idea-cfb          idea-ecb          idea-ofb          
rc2               rc2-40-cbc        rc2-64-cbc        rc2-cbc           
rc2-cfb           rc2-ecb           rc2-ofb           rc4               
rc4-40            rc5               rc5-cbc           rc5-cfb           
rc5-ecb           rc5-ofb           seed              seed-cbc          
seed-cfb          seed-ecb          seed-ofb          zlib              

unable to load certificate
139994066519952:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: TRUSTED CERTIFICATE
unable to load certificate
140412310648720:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: TRUSTED CERTIFICATE
unable to load certificate
140143972759440:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: TRUSTED CERTIFICATE
unable to load certificate
140020566321040:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: TRUSTED CERTIFICATE
openssl:Error: '' is an invalid command.

Standard commands
asn1parse         ca                ciphers           cms               
crl               crl2pkcs7         dgst              dh                
dhparam           dsa               dsaparam          ec                
ecparam           enc               engine            errstr            
gendh             gendsa            genpkey           genrsa            
nseq              ocsp              passwd            pkcs12            
pkcs7             pkcs8             pkey              pkeyparam         
pkeyutl           prime             rand              req               
rsa               rsautl            s_client          s_server          
s_time            sess_id           smime             speed             
spkac             ts                verify            version           
x509              

Message Digest commands (see the `dgst' command for more details)
md2               md4               md5               rmd160            
sha               sha1              

Cipher commands (see the `enc' command for more details)
aes-128-cbc       aes-128-ecb       aes-192-cbc       aes-192-ecb       
aes-256-cbc       aes-256-ecb       base64            bf                
bf-cbc            bf-cfb            bf-ecb            bf-ofb            
camellia-128-cbc  camellia-128-ecb  camellia-192-cbc  camellia-192-ecb  
camellia-256-cbc  camellia-256-ecb  cast              cast-cbc          
cast5-cbc         cast5-cfb         cast5-ecb         cast5-ofb         
des               des-cbc           des-cfb           des-ecb           
des-ede           des-ede-cbc       des-ede-cfb       des-ede-ofb       
des-ede3          des-ede3-cbc      des-ede3-cfb      des-ede3-ofb      
des-ofb           des3              desx              idea              
idea-cbc          idea-cfb          idea-ecb          idea-ofb          
rc2               rc2-40-cbc        rc2-64-cbc        rc2-cbc           
rc2-cfb           rc2-ecb           rc2-ofb           rc4               
rc4-40            rc5               rc5-cbc           rc5-cfb           
rc5-ecb           rc5-ofb           seed              seed-cbc          
seed-cfb          seed-ecb          seed-ofb          zlib              

openssl:Error: '' is an invalid command.

Standard commands
asn1parse         ca                ciphers           cms               
crl               crl2pkcs7         dgst              dh                
dhparam           dsa               dsaparam          ec                
ecparam           enc               engine            errstr            
gendh             gendsa            genpkey           genrsa            
nseq              ocsp              passwd            pkcs12            
pkcs7             pkcs8             pkey              pkeyparam         
pkeyutl           prime             rand              req               
rsa               rsautl            s_client          s_server          
s_time            sess_id           smime             speed             
spkac             ts                verify            version           
x509              

Message Digest commands (see the `dgst' command for more details)
md2               md4               md5               rmd160            
sha               sha1              

Cipher commands (see the `enc' command for more details)
aes-128-cbc       aes-128-ecb       aes-192-cbc       aes-192-ecb       
aes-256-cbc       aes-256-ecb       base64            bf                
bf-cbc            bf-cfb            bf-ecb            bf-ofb            
camellia-128-cbc  camellia-128-ecb  camellia-192-cbc  camellia-192-ecb  
camellia-256-cbc  camellia-256-ecb  cast              cast-cbc          
cast5-cbc         cast5-cfb         cast5-ecb         cast5-ofb         
des               des-cbc           des-cfb           des-ecb           
des-ede           des-ede-cbc       des-ede-cfb       des-ede-ofb       
des-ede3          des-ede3-cbc      des-ede3-cfb      des-ede3-ofb      
des-ofb           des3              desx              idea              
idea-cbc          idea-cfb          idea-ecb          idea-ofb          
rc2               rc2-40-cbc        rc2-64-cbc        rc2-cbc           
rc2-cfb           rc2-ecb           rc2-ofb           rc4               
rc4-40            rc5               rc5-cbc           rc5-cfb           
rc5-ecb           rc5-ofb           seed              seed-cbc          
seed-cfb          seed-ecb          seed-ofb          zlib              

openssl:Error: '' is an invalid command.

Standard commands
asn1parse         ca                ciphers           cms               
crl               crl2pkcs7         dgst              dh                
dhparam           dsa               dsaparam          ec                
ecparam           enc               engine            errstr            
gendh             gendsa            genpkey           genrsa            
nseq              ocsp              passwd            pkcs12            
pkcs7             pkcs8             pkey              pkeyparam         
pkeyutl           prime             rand              req               
rsa               rsautl            s_client          s_server          
s_time            sess_id           smime             speed             
spkac             ts                verify            version           
x509              

Message Digest commands (see the `dgst' command for more details)
md2               md4               md5               rmd160            
sha               sha1              

Cipher commands (see the `enc' command for more details)
aes-128-cbc       aes-128-ecb       aes-192-cbc       aes-192-ecb       
aes-256-cbc       aes-256-ecb       base64            bf                
bf-cbc            bf-cfb            bf-ecb            bf-ofb            
camellia-128-cbc  camellia-128-ecb  camellia-192-cbc  camellia-192-ecb  
camellia-256-cbc  camellia-256-ecb  cast              cast-cbc          
cast5-cbc         cast5-cfb         cast5-ecb         cast5-ofb         
des               des-cbc           des-cfb           des-ecb           
des-ede           des-ede-cbc       des-ede-cfb       des-ede-ofb       
des-ede3          des-ede3-cbc      des-ede3-cfb      des-ede3-ofb      
des-ofb           des3              desx              idea              
idea-cbc          idea-cfb          idea-ecb          idea-ofb          
rc2               rc2-40-cbc        rc2-64-cbc        rc2-cbc           
rc2-cfb           rc2-ecb           rc2-ofb           rc4               
rc4-40            rc5               rc5-cbc           rc5-cfb           
rc5-ecb           rc5-ofb           seed              seed-cbc          
seed-cfb          seed-ecb          seed-ofb          zlib              

openssl:Error: '' is an invalid command.

Standard commands
asn1parse         ca                ciphers           cms               
crl               crl2pkcs7         dgst              dh                
dhparam           dsa               dsaparam          ec                
ecparam           enc               engine            errstr            
gendh             gendsa            genpkey           genrsa            
nseq              ocsp              passwd            pkcs12            
pkcs7             pkcs8             pkey              pkeyparam         
pkeyutl           prime             rand              req               
rsa               rsautl            s_client          s_server          
s_time            sess_id           smime             speed             
spkac             ts                verify            version           
x509              

Message Digest commands (see the `dgst' command for more details)
md2               md4               md5               rmd160            
sha               sha1              

Cipher commands (see the `enc' command for more details)
aes-128-cbc       aes-128-ecb       aes-192-cbc       aes-192-ecb       
aes-256-cbc       aes-256-ecb       base64            bf                
bf-cbc            bf-cfb            bf-ecb            bf-ofb            
camellia-128-cbc  camellia-128-ecb  camellia-192-cbc  camellia-192-ecb  
camellia-256-cbc  camellia-256-ecb  cast              cast-cbc          
cast5-cbc         cast5-cfb         cast5-ecb         cast5-ofb         
des               des-cbc           des-cfb           des-ecb           
des-ede           des-ede-cbc       des-ede-cfb       des-ede-ofb       
des-ede3          des-ede3-cbc      des-ede3-cfb      des-ede3-ofb      
des-ofb           des3              desx              idea              
idea-cbc          idea-cfb          idea-ecb          idea-ofb          
rc2               rc2-40-cbc        rc2-64-cbc        rc2-cbc           
rc2-cfb           rc2-ecb           rc2-ofb           rc4               
rc4-40            rc5               rc5-cbc           rc5-cfb           
rc5-ecb           rc5-ofb           seed              seed-cbc          
seed-cfb          seed-ecb          seed-ofb          zlib              

openssl:Error: '' is an invalid command.

Standard commands
asn1parse         ca                ciphers           cms               
crl               crl2pkcs7         dgst              dh                
dhparam           dsa               dsaparam          ec                
ecparam           enc               engine            errstr            
gendh             gendsa            genpkey           genrsa            
nseq              ocsp              passwd            pkcs12            
pkcs7             pkcs8             pkey              pkeyparam         
pkeyutl           prime             rand              req               
rsa               rsautl            s_client          s_server          
s_time            sess_id           smime             speed             
spkac             ts                verify            version           
x509              

Message Digest commands (see the `dgst' command for more details)
md2               md4               md5               rmd160            
sha               sha1              

Cipher commands (see the `enc' command for more details)
aes-128-cbc       aes-128-ecb       aes-192-cbc       aes-192-ecb       
aes-256-cbc       aes-256-ecb       base64            bf                
bf-cbc            bf-cfb            bf-ecb            bf-ofb            
camellia-128-cbc  camellia-128-ecb  camellia-192-cbc  camellia-192-ecb  
camellia-256-cbc  camellia-256-ecb  cast              cast-cbc          
cast5-cbc         cast5-cfb         cast5-ecb         cast5-ofb         
des               des-cbc           des-cfb           des-ecb           
des-ede           des-ede-cbc       des-ede-cfb       des-ede-ofb       
des-ede3          des-ede3-cbc      des-ede3-cfb      des-ede3-ofb      
des-ofb           des3              desx              idea              
idea-cbc          idea-cfb          idea-ecb          idea-ofb          
rc2               rc2-40-cbc        rc2-64-cbc        rc2-cbc           
rc2-cfb           rc2-ecb           rc2-ofb           rc4               
rc4-40            rc5               rc5-cbc           rc5-cfb           
rc5-ecb           rc5-ofb           seed              seed-cbc          
seed-cfb          seed-ecb          seed-ofb          zlib              

unable to load certificate
140280016631696:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: TRUSTED CERTIFICATE
SSL_CERT CRITICAL dbsql-p01.uco.local: SSL error: unable to load certificate 

[matteocorti]

Yes, in theory it should work. Seems a Python problem. Which version do you use? I tested only with Python3....

[jax7778]

the box is RHEL 7, so it is running with the default 2.7. I will try to test it with Python3

[matteocorti]

I’ll try to make it work with both. Sadly I am not a Python developer ….-- Matteo Cortihttp://corti.liIl giorno 19 ott 2022, alle ore 20:42, jax7778 ***@***.***> ha scritto: the box is RHEL 7, so it is running with the default 2.7. I will try to test it with Python3 —Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you commented.Message ID: ***@***.***>

[jax7778]

Thanks for working on this, but I have to ask a dumb question, how do I call python3 for the embedded script in the Nagios check? I can't just call python3 to run the script since it is not a python script. I am looking this up as we converse, but I am trying not to make even more work for you here.

***Edit Apparently I can't read, you have it right in the read me file, ignore comment, I will post results with python 3 shortly

[matteocorti]

You can use the —python-bin option -- Matteo Cortihttp://corti.liIl giorno 19 ott 2022, alle ore 20:51, jax7778 ***@***.***> ha scritto: Thanks for working on this, but I have to ask a dumb question, how do I call python3 for the embedded script in the Nagios check? I am looking it up. I can't just call python3 to run the script since it is not a python script. I am looking this up as we converse, but I am trying not to make even more work for you here. —Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you commented.Message ID: ***@***.***>

[jax7778]

It worked like a charm with python3! Here is the output with a our details replaced.

SSL_CERT OK - fqdn.domain.local:1433, https, x509 certificate 'fqdn.domain.local' from 'Internal CA' valid until Jul 20 20:31:31 2025 GMT (expires in 1005 days)|days_chain_elem1=1005;20;15;;

I can't tell you how much this will help our university. Thanks so much for getting this working. Also, please forgive my ignorance here, I am primarily a Windows SysAdmin, but I also happen to support Nagios.

[matteocorti]

I'm happy that my plugin is helping. I developed it to monitor our university's infrastructure, and it surprisingly got a lot of help from more than 100 different individuals.

[matteocorti]

I opened an issue (#424) for the python 2 problem

[matteocorti]

I had to exclude Python 2 as the script I have found is not working. It would maybe be possible to fix it, but:

• I have no Python knowledge
• I have no TDS knowledge
• Python 2 was discontinued in 2020

If someone wants to add support for Python 2.0 I will be glad to merge the changes, but for the moment I will stick with Python 3 only.