- Products
- Learn
- Local User Groups
- Partners
- More
The State of Ransomware Q1 2026
Key Trends and Their Impact
Good, Better, Best:
Prioritizing Defenses Against Credential Abuse
AI Security Masters E7:
How CPR Broke ChatGPT's Isolation and What It Means for You
Blueprint Architecture for Securing
The AI Factory & AI Data Center
Call For Papers
Your Expertise. Our Stage
CheckMates Go:
CheckMates Fest
Yep. Here's what I did:
# I use Nagios
. /usr/lib/nagios/plugins/utils.sh
check_ike_certs() {
cert_block=""
cert_host=""
cert_time=""
cert_host_regex="^Subject = CN=(.*) VPN Certificate"
cert_time_regex="Not_After: (.*)"
declare -A cert_list # associative array of "cert_host = cert_time"
declare -a cert_host_list # to hold sorted list of cert hosts
while read cert_block; do
if [[ ${cert_block} =~ ^$ ]]; then
if [ -n "${cert_host}" -a -n "${cert_time}" ]; then
cert_list[${cert_host}]="${cert_time}"
fi
cert_block=""
cert_host=""
cert_time=""
else
if [[ ${cert_block} =~ ${cert_host_regex} ]]; then
cert_host=${BASH_REMATCH[1]}
elif [[ ${cert_block} =~ ${cert_time_regex} ]]; then
cert_time=${BASH_REMATCH[1]}
else
continue
fi
fi
done <<<$(cpca_client lscert -stat Valid -kind IKE;echo " "; echo) #Add artificial blank line as EOF for the while loop
# sort the associate array keys to a natural list
read -a cert_host_list <<<$( for c_host in "${!cert_list[@]}"; do
echo $c_host
done |sort -f |xargs)
for c_host in "${cert_host_list[@]}"; do
check_cert_time $c_host "${cert_list[$c_host]}"
done
# check exit status against bitwise code and exit accordingly
if (( ${exitstatus} )); then
echo "${status_msg} | ${perf_msg}"
if (( ${exitstatus} & 4 )); then
exitstatus="UNKNOWN"
elif (( ${exitstatus} & 2 )); then
exitstatus="CRITICAL"
elif (( ${exitstatus} & 1 )); then
exitstatus="WARNING"
fi
else
echo "IKE certificates are OK | ${perf_msg}"
exitstatus="OK"
fi
}
# deal with $exitstatus however you want.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY
