How to configure PKI certificate expiration monitoring

  • Perry Barnes
    Junior Member
    • Sep 2025
    • 1

    #1

    How to configure PKI certificate expiration monitoring

    Hello,

    I am currently being tasked with setting up certificate monitoring within Zabbix. I can see templates for website certificate monitoring, but I am looking to set up monitoring for PKI certificates.
  • cyber
    Senior Member
    Zabbix Certified Specialist, Zabbix Certified Professional
    • Dec 2006
    • 4806

    #2
    UserParameters is a hint for you... Zabbix has no built-in items to check certs in the filesystem, so you need to create them yourself...


    • ezoltan
      Junior Member
      • Feb 2024
      • 24

      #3
      Just to clarify: PKI (Public Key Infrastructure) is the complete framework of roles, policies, hardware, software and procedures required to manage the lifecycle, distribution, revocation and use of digital certificates. A website's SSL/TLS certificate would have been issued by a PKI server, if not self-signed. Therefore an SSL/TLS certificate is, by your definition, a "PKI certificate" too. I take it you want to check certificates issued using certificate templates that are different from the website template and are not visible in a web browser.

      Just to expand a bit more on cyber's UserParameters, the idea is to run a custom script on the agent that retrieves the certificate's expiry date, and calculates and returns its remaining lifetime in days. An excellent tutorial that helped me get my head around it is at https://www.youtube.com/watch?v=ojAU2AsB1so

      Basically you'll have to write a script to retrieve the certificate of interest and its details from the certificate store, then calculate and output the remaining lifetime in days. It is specific to the OS and the scripting environment of your choice. As long as your script can output the number of days in an interactive console, you'll be good.

      For instance, I have this certificate in my computer certificate store which expires on 22 Feb 2052 and it isn't a website certificate:



      You'll need the thumbprint of the certificate:



      Then you can calculate its remaining lifetime in days. A PowerShell one-liner would look like this:



      On Linux you'd probably use a bash script and openssl.

      Have fun :-)

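A Linux counterpart to the UserParameter script described in post #3, as an added example that is not part of the original thread. The item key `cert.days_left`, the script path and the `CERT_DIR` allow-list directory are assumptions; it needs `openssl` plus GNU `date` and `realpath`.

```shell
#!/usr/bin/env bash
# Added example: Zabbix UserParameter helper that prints a certificate's
# remaining lifetime in whole days (negative once it has expired).
# Assumed agent config (key name and script path are placeholders):
#   UserParameter=cert.days_left[*],/usr/local/bin/cert_days_left.sh "$1"

# Assumption: only certificates under this directory may be queried, so the
# item key cannot be used to make the agent read arbitrary files.
CERT_DIR="${CERT_DIR:-/etc/pki/monitored}"

# Convert openssl's "notAfter=Feb 22 00:00:00 2052 GMT" line to days from now.
# Optional second argument overrides "now" (epoch seconds). Needs GNU date.
days_until() {
    local not_after="${1#notAfter=}" now="${2:-$(date +%s)}" expiry diff
    [ -n "$not_after" ] || return 1
    expiry=$(date -u -d "$not_after" +%s 2>/dev/null) || return 1
    diff=$(( expiry - now ))
    # Shell division truncates toward zero; round expired values down so
    # that -1 means "expired less than a day ago".
    if [ "$diff" -lt 0 ]; then
        echo $(( (diff - 86399) / 86400 ))
    else
        echo $(( diff / 86400 ))
    fi
}

# Resolve symlinks and ".." in the requested path, then refuse anything
# that does not end up inside CERT_DIR.
safe_cert_path() {
    local real base
    real=$(realpath -e -- "$1" 2>/dev/null) || return 1
    base=$(realpath -e -- "$CERT_DIR" 2>/dev/null) || return 1
    case "$real" in
        "$base"/*) printf '%s\n' "$real" ;;
        *) return 1 ;;
    esac
}

cert_days_left() {
    local path end
    path=$(safe_cert_path "$1") || { echo "path not allowed: $1" >&2; return 2; }
    end=$(openssl x509 -in "$path" -noout -enddate 2>/dev/null) \
        || { echo "cannot parse certificate: $path" >&2; return 3; }
    days_until "$end"
}

# Run only when called with an argument, so the file can also be sourced.
if [ "$#" -gt 0 ]; then cert_days_left "$1"; fi
```

Run it interactively as the agent's service account first: that account needs read access to the certificate file, and it should not need access to the private key.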