Release v0.1.0

Overview

Initial release!

This release provides an early release version of a Nagios plugin used to
monitor certificate-enabled services. This plugin will be used to verify that
the certificate used by the monitored service is valid (e.g., complete
certificate chain, expiration dates, etc).

Added

• Two tools for validating certificates

  • lscert CLI tool
    • verify remote certificate-enabled service
    • verify local certificate "bundle" or standalone leaf certificate file
  • check_cert Nagios plugin
    • verify remote certificate-enabled service

• Check expiration of all certificates in the provided certificate chain for
  cert-enabled services

  • not expired
  • expiring "soon"
    • warning threshold
    • critical threshold

• Validate provided hostname against Common Name or one of the available
  SANs entries

  • the expected hostname can be supplied by the --server flag or the
    --dns-name flag

• Optional support for verifying SANs entries on a certificate against a
  provided list

  • if SKIPSANSCHECKS keyword is supplied as the value no SANs entry checks
    will be performed; this keyword is useful for defining a shared Nagios
    check command and service check where some hosts may not use a certificate
    which has SANs entries defined

• Detailed "report" of findings

  • certificate order
  • certificate type
  • status (OK, CRITICAL, WARNING)
  • SANs entries
  • serial number
  • issuer

• Optional generation of OpenSSL-like text output from target cert-enabled
  service or filename

  • thanks to the grantae/certinfo package

• Optional, leveled logging using rs/zerolog package

  • JSON-format output (to stderr)
  • choice of disabled, panic, fatal, error, warn, info (the
    default), debug or trace.

• Optional, user-specified timeout value for TCP connection attempt

• Go modules support (vs classic GOPATH setup)

References

• See the v0.1.0 milestone for the issues associated with this release.
• See our CHANGELOG for more information.