Ad Widget

Collapse

ssl certificate check is not suitable for value type

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • ruiz
    Junior Member
    • Mar 2016
    • 3
    #1

    ssl certificate check is not suitable for value type

    Hello everyone,
    I set up the template Template SSL Cert Check External located here: https://www.zabbix.org/wiki/Docs/how...tificate_check

    Problem , I have put together the number of days remaining in my zabbix the first time , but after I get errors and nothing more .

    /var/log/zabbix/zabbix_server.log
    Code:
     21956:20160316:112033.084 item "mincen:zext_ssl_cert.sh[-d,{HOST.CONN},{$SSL_PORT},{$SNI}]" became supported
 21957:20160316:112332.992 item "mincen:zext_ssl_cert.sh[-d,{HOST.CONN},{$SSL_PORT},{$SNI}]" became not supported: Received value [sed: couldn't write 64 items to stdout: Broken (pipe)402] is not suitable for value type [Numeric (float)] 
 21957:20160316:113526.538 item "intranet:zext_ssl_cert.sh[-d,{HOST.CONN},{$SSL_PORT},{$SNI}]" became not supported: Received value [sed: couldn't write 64 items to stdout: Broken (pipe)219] is not suitable for value type [Numeric (float)]
    I tried to move external scripts in / bin , to the owner zabbix user .. always the same mistake .
    I've done a chmod + x on the scripts ...


    The script works fine in bash.

    Any ideas ?

    Thanks

    Zabbix 3.0.1 on Debian Jessie
    Tags: ssl cert
    • headward
      Junior Member
      • Apr 2016
      • 1
      #2
      Hi ruiz, I'm running in to this issue as well. Did you ever find a solution? Thanks

        Comment

        • Santyaga
          Junior Member
          • Aug 2011
          • 5
          #3
          I was had the same error. So I edited the script, and now it runs without it.
          Here is the diff:

          Code:
          --- zext_ssl_cert.sh.bkp        2016-06-06 14:21:47.945587087 +0300
+++ zext_ssl_cert.sh    2016-06-06 14:09:22.153782678 +0300
@@ -40,10 +40,11 @@

 case $f in
 -d)
-end_date=`openssl s_client -servername $servername -host $host -port $port -showcerts $starttls -prexit </dev/null 2>/dev/null |
-          sed -n '/BEGIN CERTIFICATE/,/END CERT/p' | tail -n +1 |
-          openssl x509 -text 2>/dev/null |
-          sed -n 's/ *Not After : *//p' |
+fix_broken_pipe=`openssl s_client -servername $servername -connect $host:$port -showcerts $starttls </dev/null 2>/dev/null |
+          sed -n '/BEGIN CERTIFICATE/,/END CERT/p'`
+
+end_date=`echo "$fix_broken_pipe" | openssl x509 -enddate -noout 2>/dev/null |
+          sed -n 's/notAfter=//p' |
           sed 's/ GMT//g'`

 if [ -n "$end_date" ]
@@ -58,10 +59,11 @@
 ;;

 -i)
-issue_dn=`openssl s_client -servername $servername -host $host -port $port -showcerts $starttls -prexit </dev/null 2>/dev/null |
-          sed -n '/BEGIN CERTIFICATE/,/END CERT/p' | tail -n +1 |
-          openssl x509 -text 2>/dev/null |
-          sed -n 's/ *Issuer: *//p'`
+fix_broken_pipe=`openssl s_client -servername $servername -connect $host:$port -showcerts $starttls </dev/null 2>/dev/null |
+          sed -n '/BEGIN CERTIFICATE/,/END CERT/p'`
+
+issue_dn=`echo "$fix_broken_pipe" | openssl x509 -issuer -noout 2>/dev/null |
+          sed -n 's/issuer=//p'`

 if [ -n "$issue_dn" ]
 then
          I simple split the long command and edit arguments of openssl x509

            Comment

            • mighty_oak
              Junior Member
              • Jul 2016
              • 6
              #4
              Just want to thank

              Hello.

              I ran into this issue.
              Thanks for the solution.

              Why not uploading it to source as fully working script?

              Bye

                Comment

                • najbe
                  Junior Member
                  • Jan 2022
                  • 5
                  #5
                  How it will look the whole script please?

                    Comment

                    • Santyaga
                      Junior Member
                      • Aug 2011
                      • 5
                      #6
                      Code:
                      #! /bin/sh
#------------------------------------------------------------
# zext_ssl_cert.sh
# Script checks for number of days until certificate expires or the issuing authority
# depending on switch passed on command line.
#
#Based on script from aperto.fr (http://aperto.fr/cms/en/blog/15-blog-en/15-ssl-certificate-expiration-monitoring-with-zabbix.html)
#with additions by [email protected]
#Hivlaher additions for FreeBSD. Made the changes needed for the
#date command so it works with FreeBSD date:)
#Also added a sed command to cut the " GMT" on the $end_date so
#it doesnt give an ignore error. So if your timezone is not GMT
#you may have to condider the Time difference :)
#
# 2016-06-06 Fix broken pipe error by Santyaga
#------------------------------------------------------------

DEBUG=0
if [ $DEBUG -gt 0 ]
then
exec 2>>/tmp/my.log
set -x
fi

f=$1
host=$2
port=$3
sni=$4
proto=$5

if [ -z "$sni" ]
then
servername=$host
else
servername=$sni
fi

if [ -n "$proto" ]
then
starttls="-starttls $proto"
fi

case $f in
-d)
fix_broken_pipe=`openssl s_client -servername $servername -connect $host:$port -showcerts $starttls </dev/null 2>/dev/null |
sed -n '/BEGIN CERTIFICATE/,/END CERT/p'`

end_date=`echo "$fix_broken_pipe" | openssl x509 -enddate -noout 2>/dev/null |
sed -n 's/notAfter=//p' |
sed 's/ GMT//g'`

if [ -n "$end_date" ]
then
end_date_seconds=`date '+%s' --date "$end_date"`
# end_date_seconds=`date -j -f "%b %d %T %Y" "$end_date" "+%s"`
# echo $end_date
now_seconds=`date '+%s'`
# echo $now_seconds
echo "($end_date_seconds-$now_seconds)/24/3600" | bc
fi
;;

-i)
fix_broken_pipe=`openssl s_client -servername $servername -connect $host:$port -showcerts $starttls </dev/null 2>/dev/null |
sed -n '/BEGIN CERTIFICATE/,/END CERT/p'`

issue_dn=`echo "$fix_broken_pipe" | openssl x509 -issuer -noout 2>/dev/null |
sed -n 's/issuer=//p'`

if [ -n "$issue_dn" ]
then
issuer=`echo $issue_dn | sed -n 's/.*CN=*//p'`
echo $issuer
fi
;;
*)
echo "usage: $0 [-i|-d] hostname port sni"
echo " -i Show Issuer"
echo " -d Show valid days remaining"
;;
esac
                        😘 1

                        Comment

                        Previous template Next
                        Working...