Status of various ssl/tls services can be easily checked with openssl command s_client.
POP3s check:
openssl s_client -no_tls1 -connect pop.gmail.com:995
SMTP – TLS check:
openssl s_client -starttls smtp -connect smtp.gmail.com:25
HTTPS:
openssl s_client -connect mail.google.com:443
This can be used for monitoring services with zabbix using external check (script):
#!/bin/bash
if [ -z $1 ]; then echo 0;
exit 1;
fi
server=$1;
echo "quit" | openssl s_client -quiet -no_tls1 -connect $server:995 2> /dev/null | grep "+OK" | wc -l &
sleep 3;
openssl_pid=`ps aux | grep "openssl s_client -quiet -no_tls1 -connect $server" | awk {'print $2'}`
if [ -n "$openssl_pid" ]; then
kill $openssl_pid 2> /dev/null
fi