From 3991ea5e1c711c29d0da3a4e6f49a19a1483941e Mon Sep 17 00:00:00 2001 From: Mike D'Morto Date: Wed, 10 Feb 2021 19:48:00 +0700 Subject: [PATCH 1/5] add mdmcertcheck.sh version 0.0 --- README.md | 5 ++-- mdmcertcheck/README.md | 2 ++ mdmcertcheck/certlist.cfg | 9 +++++++ mdmcertcheck/mdmcertcheck.sh | 47 ++++++++++++++++++++++++++++++++++++ 4 files changed, 60 insertions(+), 3 deletions(-) create mode 100644 mdmcertcheck/README.md create mode 100644 mdmcertcheck/certlist.cfg create mode 100644 mdmcertcheck/mdmcertcheck.sh diff --git a/README.md b/README.md index c93348d..fd84f47 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,4 @@ -tasks: +dirs: -1 - insert here all used scripts +1 mdmcertcheck - scripts for check cert status -2 - write new scripts only here diff --git a/mdmcertcheck/README.md b/mdmcertcheck/README.md new file mode 100644 index 0000000..4cffd44 --- /dev/null +++ b/mdmcertcheck/README.md @@ -0,0 +1,2 @@ +mdmcertcheck.sh - main shell script for check cert status +certlist.cfg - configuration file for cert list diff --git a/mdmcertcheck/certlist.cfg b/mdmcertcheck/certlist.cfg new file mode 100644 index 0000000..3ced7cf --- /dev/null +++ b/mdmcertcheck/certlist.cfg @@ -0,0 +1,9 @@ +# this is the config file for mdmcertcheck.sh +# +# a record style: +# domain = domain of the cert +# ip = ip target server for taking cert +# port = port of target server for taking cert +# cert=domain|ip|port +# expemple: +# cert=google.com|8.8.8.8|443 diff --git a/mdmcertcheck/mdmcertcheck.sh b/mdmcertcheck/mdmcertcheck.sh new file mode 100644 index 0000000..595eaed --- /dev/null +++ b/mdmcertcheck/mdmcertcheck.sh 
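Review bot: The sample comment in certlist.cfg, `# expemple:`, is misspelled; write `# example:`. The field descriptions would also read more clearly as `# ip = address of the server the cert is fetched from` and `# port = port on that server`, since "target server for taking cert" is ambiguous about which side is meant.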
@@ -0,0 +1,47 @@ +#!/bin/bash +# mdmcertcheck.sh is the script for checking a cert status +# author mikedmorto 2021 year + +export LC_ALL="" +export LANG="en_US.UTF-8" +version="0.0" + +CERTLIST="certlist.cfg" + +JSON="" +##### PARAMETERS##### +METRIC="$1" +ITEM="$2" + +case "$METRIC" in +discovery) + #records from the config file + RECS=`cat ` + JSON="{ \"data\":[" + + # append data + + # delete last simbol and add the end + JSON=${JSON::-1} + JSON=${JSON}"]}" + echo ${JSON} + exit 0 +;; + +script.verstion) + echo $VERSION +;; + +help) +echo "please use these params +{ +discovery +script.version +}" +;; + +*) + echo "" +;; +esac + From b4acb96e35a96ca81fad0967c9985cf3c5fa1fad Mon Sep 17 00:00:00 2001 From: Mike D'Morto Date: Wed, 10 Feb 2021 20:01:09 +0700 Subject: [PATCH 2/5] mdmcertcheck v0.1 - discovery --- mdmcertcheck/mdmcertcheck.sh | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/mdmcertcheck/mdmcertcheck.sh b/mdmcertcheck/mdmcertcheck.sh index 595eaed..4d17713 100644 --- a/mdmcertcheck/mdmcertcheck.sh +++ b/mdmcertcheck/mdmcertcheck.sh @@ -4,7 +4,7 @@ export LC_ALL="" export LANG="en_US.UTF-8" -version="0.0" +VERSION="0.1" CERTLIST="certlist.cfg" @@ -16,10 +16,13 @@ ITEM="$2" case "$METRIC" in discovery) #records from the config file - RECS=`cat ` + RECS=`cat $CERTLIST | awk -F: '/^[^#]/ { print $1 }' | grep -e "^cert=.*" | cut -f 2 -d "="` JSON="{ \"data\":[" # append data + for REC_I in ${RECS}; do + JSON=${JSON}" {\"{#CERT}\":\"${REC_I}\"}," + done # delete last simbol and add the end JSON=${JSON::-1} @@ -28,7 +31,7 @@ discovery) exit 0 ;; -script.verstion) +script.version) echo $VERSION ;; From 575b3e1cf3dbcd0fef7ab6fe40ed661c0cf8db3b Mon Sep 17 00:00:00 2001 From: Mike D'Morto Date: Thu, 11 Feb 2021 11:34:31 +0700 Subject: [PATCH 3/5] mdmcertcheck v0.3 - valid valid_status isexist --- mdmcertcheck/mdmcertcheck.sh | 67 ++++++++++++++++++++++++++++++++++-- 1 file changed, 64 insertions(+), 3 deletions(-) 
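Review bot: `CERTLIST="certlist.cfg"` is resolved against the caller's working directory, not the script's location, so when the agent runs the script from a UserParameter the config will usually not be found; anchor it to the script, `CERTLIST="$(dirname "$0")/certlist.cfg"`. In the `discovery` arm, `JSON=${JSON::-1}` is applied unconditionally to `{ "data":[`, so with nothing appended it removes the `[` and the output becomes `{ "data":]}`. `echo ${JSON}` should be quoted, `echo "${JSON}"`, because the `[`…`]` in the JSON text is a glob bracket expression when left unquoted.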
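Review bot: When the config holds no `cert=` records, `RECS` is empty, the new `for REC_I in ${RECS}` loop appends nothing, and `JSON=${JSON::-1}` then strips the `[` instead of a trailing comma, producing `{ "data":]}` which the server cannot parse; guard it with `[ -n "$RECS" ] && JSON=${JSON::-1}`. The pipeline `cat $CERTLIST | awk -F: '/^[^#]/ { print $1 }' | grep -e "^cert=.*" | cut -f 2 -d "="` splits every line on `:` and keeps only the first field, so any record containing a colon (an IPv6 address, for instance) is silently truncated, and `$CERTLIST` is unquoted. The whole extraction can be one command, `RECS=$(awk -F= '/^cert=/ { print $2 }' "$CERTLIST")`, which also drops the backticks.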
diff --git a/mdmcertcheck/mdmcertcheck.sh b/mdmcertcheck/mdmcertcheck.sh index 4d17713..8e90b2f 100644 --- a/mdmcertcheck/mdmcertcheck.sh +++ b/mdmcertcheck/mdmcertcheck.sh @@ -4,15 +4,46 @@ export LC_ALL="" export LANG="en_US.UTF-8" -VERSION="0.1" +VERSION="0.3" CERTLIST="certlist.cfg" +CTIMEOUT="1" + +error(){ + echo "-1" + exit 1 +} JSON="" ##### PARAMETERS##### METRIC="$1" ITEM="$2" +CERT_DOMAIN="" +CERT_IP="" +CERT_PORT="" +CERT_BODY="" + +parse_item(){ + TITEM=$1 + #parse item + #check empty item + if [ -z "$TITEM" ] + then + error + fi + CERT_DOMAIN=`echo $ITEM | awk -F"|" '{print $1}'` + CERT_IP=`echo $ITEM | awk -F"|" '{print $2}'` + CERT_PORT=`echo $ITEM | awk -F"|" '{print $3}'` +} + +get_cert(){ + if ! CERT_BODY=$( echo | timeout "$CTIMEOUT" openssl s_client -servername "$CERT_DOMAIN" -verify_hostname "$CERT_DOMAIN" -connect "$CERT_IP":"$CERT_PORT" 2>/dev/null ) + then + error + fi +} + case "$METRIC" in discovery) #records from the config file @@ -31,6 +62,33 @@ discovery) exit 0 ;; +isexist) + #validating the cert + parse_item $ITEM + get_cert + # if get_cert has not en error then all is ok. + echo 1 +;; + +valid) + #validating the cert + parse_item $ITEM + get_cert + # Note: new openssl versions can print multiple return codes for post-handshake session tickets, so we need to get only the first one + RET=$( echo "$CERT_BODY" | grep -E '^ *Verify return code:' | sed -n 1p | sed 's/^ *//' | tr -s ' ' | cut -d' ' -f4 ) + if [ "$RET" -eq "0" ]; then echo "1"; else echo "0"; fi + +;; + +valid_status) + #validating the cert + parse_item $ITEM + get_cert + # Note: new openssl versions can print multiple return codes for post-handshake session tickets, so we need to get only the first one + RET=$( echo "$CERT_BODY" | grep -E '^ *Verify return code:') + echo $RET; +;; + script.version) echo $VERSION ;; 
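Review bot: `parse_item` checks its argument `$TITEM` for emptiness but then splits the global `$ITEM` with `echo $ITEM | awk -F"|"`, so the parameter is dead and the unquoted `echo` exposes the value to word-splitting and globbing (the callers in the later hunks also pass it unquoted, `parse_item $ITEM`). Nothing verifies that the three fields look like a hostname, an address and a numeric port before `get_cert` hands them to `openssl s_client`; the value arrives from the monitoring server as a user parameter, so an empty field or one beginning with `-` is passed through as-is. Parse `$TITEM`, quote it, and reject fields outside a strict character set, as sketched below; `get_cert` can stay as written.
```shell
parse_item(){
  TITEM=$1
  #parse item
  #check empty item
  if [ -z "$TITEM" ]
  then
    error
  fi
  CERT_DOMAIN=$(printf '%s' "$TITEM" | awk -F"|" '{print $1}')
  CERT_IP=$(printf '%s' "$TITEM" | awk -F"|" '{print $2}')
  CERT_PORT=$(printf '%s' "$TITEM" | awk -F"|" '{print $3}')
  # reject anything that is not a plain hostname / address / port before it reaches openssl
  case "$CERT_DOMAIN" in ''|-*|*[!A-Za-z0-9.-]*) error ;; esac
  case "$CERT_IP" in ''|-*|*[!A-Za-z0-9.:-]*) error ;; esac
  case "$CERT_PORT" in ''|*[!0-9]*) error ;; esac
}
```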
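Review bot: In the `valid` arm, when `$CERT_BODY` carries no `Verify return code:` line `RET` is empty, `[ "$RET" -eq "0" ]` fails with an "integer expression expected" diagnostic and the arm prints `0`, indistinguishable from a real verification failure; add `[ -n "$RET" ] || error` before the test. The `valid_status` arm repeats the comment about multiple return codes but does not apply the `sed -n 1p` selection, and `echo $RET;` unquoted flattens a multi-line result onto one line — add `| sed -n 1p` there as well and print with `echo "$RET"`. The `isexist`, `valid` and `valid_status` arms all open with the same `parse_item $ITEM` / `get_cert` pair, which could be a single helper such as `load_cert(){ parse_item "$ITEM"; get_cert; }`.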
@@ -38,8 +96,11 @@ script.version) help) echo "please use these params { -discovery -script.version +discovery - discovery items from config file +isexist - the script has access to server with cert +valid - the cert is valid (1|0) +valid_status - the cert status in full text +script.version - current version of this script }" ;; From 4d82676b638a69c6c3589e9c91e8dff0930490c5 Mon Sep 17 00:00:00 2001 From: Mike D'Morto Date: Fri, 12 Feb 2021 11:41:51 +0700 Subject: [PATCH 4/5] mdmcertcheck v1.0 - expire certholder --- mdmcertcheck/mdmcertcheck.sh | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/mdmcertcheck/mdmcertcheck.sh b/mdmcertcheck/mdmcertcheck.sh index 8e90b2f..4f89bd3 100644 --- a/mdmcertcheck/mdmcertcheck.sh +++ b/mdmcertcheck/mdmcertcheck.sh @@ -4,7 +4,7 @@ export LC_ALL="" export LANG="en_US.UTF-8" -VERSION="0.3" +VERSION="1.0" CERTLIST="certlist.cfg" CTIMEOUT="1" @@ -89,6 +89,26 @@ valid_status) echo $RET; ;; +expire) + #calculate expire days + parse_item $ITEM + get_cert + expire_date=$( echo "$CERT_BODY" | openssl x509 -noout -dates | grep '^notAfter' | cut -d'=' -f2 ) + expire_date_epoch=$(date -d "$expire_date" +%s) || error "Failed to get expire date" + current_date_epoch=$(date +%s) + RET=$(( (expire_date_epoch - current_date_epoch)/(3600*24) )) + echo $RET +;; + +certholder) + #get cert holder string + parse_item $ITEM + get_cert + # Note: new openssl versions can print multiple return codes for post-handshake session tickets, so we need to get only the first one + RET=$( echo "$CERT_BODY" | sed -n '/BEGIN CERTIFICATE/,/END CERT/p' | openssl x509 -text 2>/dev/null | sed -n 's/ *Issuer: *//p' | sed -n 's/.*CN=*//p') + echo $RET; +;; + script.version) echo $VERSION ;; 
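Review bot: In the `expire` arm, `|| error "Failed to get expire date"` passes a message that `error` (defined earlier in the file, outside this hunk) never prints — it echoes `-1` and exits — so the reason is lost; either extend `error` to forward `"$1"` to stderr or drop the argument. The `certholder` arm extracts the `Issuer:` line and then the text after `CN=`, so the reported value is the issuer's common name rather than the certificate holder's; if the subject was intended, `sed -n 's/ *Subject: *//p'` is the line to use — confirm which is wanted. The "multiple return codes" comment copied into `certholder` does not apply to issuer extraction and should read something like `# common name from the Issuer line of the served certificate`. `expire` goes negative once the certificate has lapsed, which is usable for a trigger but deserves a one-line comment.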
@@ -100,6 +120,8 @@ discovery - discovery items from config file isexist - the script has access to server with cert valid - the cert is valid (1|0) valid_status - the cert status in full text +expire - how many days for an unvalid state +certholder - certholder text script.version - current version of this script }" ;; From ebbcf6b944372494fd73873d76c13e8a54ffe5e5 Mon Sep 17 00:00:00 2001 From: Mike D'Morto Date: Mon, 15 Feb 2021 18:38:08 +0700 Subject: [PATCH 5/5] mdmcertcheck v1.0 - docker + template --- mdmcertcheck/README.md | 31 ++ mdmcertcheck/mdmsslcertcheck.docker | 24 ++ mdmcertcheck/zabbix_3.x_template.xml | 414 +++++++++++++++++++++++++++ 3 files changed, 469 insertions(+) create mode 100644 mdmcertcheck/mdmsslcertcheck.docker create mode 100644 mdmcertcheck/zabbix_3.x_template.xml diff --git a/mdmcertcheck/README.md b/mdmcertcheck/README.md index 4cffd44..4655297 100644 --- a/mdmcertcheck/README.md +++ b/mdmcertcheck/README.md @@ -1,2 +1,33 @@ mdmcertcheck.sh - main shell script for check cert status certlist.cfg - configuration file for cert list +zabbix_3.x_template.xml - zabbix 3.x template +mdmsslcertcheck.docker - docker file + + +build and run docker file + +docker run --name certchecker --restart always -v /your/path/to/zabbix:/etc/zabbix/--privileged -d image:1.0 + +and place zabbix config with scripts directory and configs +and place sh in script +and certlist.cfg and wtire path into script + +remember about zabbix config, enable it!!! + +####### USER-DEFINED MONITORED PARAMETERS ####### + +### Option: UnsafeUserParameters +# Allow all characters to be passed in arguments to user-defined parameters. +# The following characters are not allowed: +# \ ' " ` * ? [ ] { } ~ $ ! & ; ( ) < > | # @ +# Additionally, newline characters are not allowed. +# 0 - do not allow +# 1 - allow +# +# Mandatory: no +# Range: 0-1 +# Default: +# UnsafeUserParameters=0 +UnsafeUserParameters=1 + +have a lot fun! 
diff --git a/mdmcertcheck/mdmsslcertcheck.docker b/mdmcertcheck/mdmsslcertcheck.docker new file mode 100644 index 0000000..fb3bfe1 --- /dev/null +++ b/mdmcertcheck/mdmsslcertcheck.docker @@ -0,0 +1,24 @@ +# Используем centos7 в качестве основы +FROM centos:7 +# Сообщаем ОС, что она в докере +ENV container docker +# Включаем systemd +RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == \ +systemd-tmpfiles-setup.service ] || rm -f $i; done); \ +rm -f /lib/systemd/system/multi-user.target.wants/*;\ +rm -f /etc/systemd/system/*.wants/*;\ +rm -f /lib/systemd/system/local-fs.target.wants/*; \ +rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ +rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ +rm -f /lib/systemd/system/basic.target.wants/*;\ +rm -f /lib/systemd/system/anaconda.target.wants/*; +# Сообщаем, что этот раздел будет монтироваться при включении контейнера +VOLUME [ "/sys/fs/cgroup" ] +# Обновляемся и устанавливаем нужные пакеты для сборки\старта +RUN yum update -y --nogpgcheck +# install soft +RUN yum install -y --nogpgcheck epel-release +RUN yum install -y --nogpgcheck vim git cmake3 openssh-clients boost-devel gcc make gcc-c++ wget fish +RUN yum install -y zabbix30-agent + +CMD ["/usr/sbin/init"] diff --git a/mdmcertcheck/zabbix_3.x_template.xml b/mdmcertcheck/zabbix_3.x_template.xml new file mode 100644 index 0000000..05f3ece --- /dev/null +++ b/mdmcertcheck/zabbix_3.x_template.xml @@ -0,0 +1,414 @@ + + + 3.4 + 2021-02-15T11:33:22Z + + + TEMPLATES + + + test + + + + + +
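Review bot: `RUN yum update -y --nogpgcheck` and the two `yum install -y --nogpgcheck …` lines disable package signature verification, so the build accepts any package a mirror happens to serve; drop `--nogpgcheck` and let yum verify against the keys in the base image. The line installing `vim git cmake3 openssh-clients boost-devel gcc make gcc-c++ wget fish` pulls in a build toolchain that neither the shell script nor the agent needs, which only widens what an attacker inside the container has to work with. `zabbix30-agent` is installed with no repository added beyond `epel-release` — presumably that is the intended source; confirm. The Russian comments would read in English as `# Use centos:7 as the base image`, `# Tell the OS it runs inside docker`, `# Enable systemd`, `# This volume is mounted when the container starts` and `# Update and install the packages needed to build/start`.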