====== check_tsa ====== **''check_tsa''** is Nagios/Icinga plugin to check timestamps generated by TSA servers (RFC3161). ===== Usage =====
Usage: check_tsa -H host -p port -P path [OPTIONS..] or -u TSA_URL [OPTIONS..] general options: -h show this help -v increase verbosity -V show version -w days TSA certificate expiration warning (implies -C) -c days TSA certificate expiration critical (implies -C) (if -w/-c options are not provided, upcoming certificate expiration is not checked) TSA query Options: -p port port number (default: default service protocol port) -P path HTTP request path (default: /) -s protocol protocol (scheme) (default: http) -t seconds timeout (default: 3) if not provided, DEFAULT_SOCKET_TIMEOUT applies, if available -a sha1|sha256|.. message digest (hash) algorithm (default: sha256) -i filename use file as input document (if not provided, empty file is used) -C include certificate request in the query -O OID request policy -4 resolve hostname to IPv4 address -6 resolve hostname to IPv6 address verification options: -b filename CA certificate file/bundle (openssl CAfile) -d dirname CA certificate directory (openssl CApath) -x filename TSA certificate other options: -Q filename save TSA query -R filename save TSA responseVerifying timestamps generated at hypothetical TSA server URL ''
$ wget -q 'http://www.globaltrustfinder.com/download.aspx?file=TrustAnchor\Ascertia\Ascertia%20Root%20CA%202.cer' -O ascertia_ca_2.crt
$ wget -q 'http://www.globaltrustfinder.com/download.aspx?file=TrustAnchor\Ascertia\Ascertia%20Public%20CA%201.cer' -O ascertia_publ_ca_1.crt
$ openssl x509 -in ascertia_ca_2.crt -inform DER -out ascertia_ca_2.pem -outform PEM
$ openssl x509 -in ascertia_publ_ca_1.crt -inform DER -out ascertia_publ_ca_1.pem -outform PEM
$ cat ascertia_ca_2.pem ascertia_publ_ca_1.pem > ascertia_bundle.pem
$ check_tsa -H services.globaltrustfinder.com -P /adss/tsa -C -b ascertia_bundle.pem
TSA OK: http://services.globaltrustfinder.com/adss/tsa TSR verified
$ check_tsa -H services.globaltrustfinder.com -P /adss/tsa -C -b ascertia_bundle.pem -v
TSA OK: http://services.globaltrustfinder.com/adss/tsa TSR verified; Jun 17 08:30:17 2014 GMT; /C=GB/O=Ascertia/CN=GlobalTrustFinder-Timestamping Service; sha1; 0x31D827AD23A306; 1.1.1.1.1
===== Requirements =====
check_tsa version 0.6 is using ''sh'', ''curl'', ''GNU date'', ''openssl'' and ''perl''.
===== Download =====
{{:sw:check_tsa-0.6.tgz|}} (SHA1 sum: ''5d6b3eb7043302f382bb6e45075eeafd8bc60523'')