[chriscareycode]

That would be

/usr/lib/nagios/plugins/check_http --ssl -C 30 -H contracts.comcast.com

CRITICAL - Certificate expired on 05/08/2012 23:59.

[eric_bullington]

You can also use openssl's built-in utility* to see that the certificate has expired:

  openssl s_client -showcerts -connect contracts.comcast.com:443

*You may also need to specify the path to your certificates using something like: -CApath /etc/ssl/certs/

To get the exact expiration date, it appears you have to do:

1) download cert:

  openssl s_client -connect hostname:port > cert.pem

2) verify date:

  openssl x509 -in cert.pem -noout -enddat

[Dobbs]

You rock sir. I was on my phone so I couldn't look it up when I wrote the op. Thanks.