diff -Naur -x '*~' -x '*.orig' -x '*.rej' nagios-plugins-1.4.16/plugins/check_ldap.c nagios-plugins-1.4.16-check_ldap_certificate/plugins/check_ldap.c
--- nagios-plugins-1.4.16/plugins/check_ldap.c	2012-06-27 19:32:47.000000000 +0200
+++ nagios-plugins-1.4.16-check_ldap_certificate/plugins/check_ldap.c	2012-07-06 12:57:15.562316155 +0200
@@ -72,6 +72,9 @@
 int ssl_on_connect = FALSE;
 int verbose = 0;
 
+int check_cert = FALSE;
+int days_till_exp_warn, days_till_exp_crit;
+
 /* for ldap tls */
 
 char *SERVICE = "LDAP";
@@ -157,6 +160,9 @@
 			printf (_("Could not init TLS at port %i!\n"), ld_port);
 			return STATE_CRITICAL;
 		}
+
+		if (check_cert == TRUE)
+			return ldap_check_cert(ld);
 #else
 		printf (_("TLS not supported by the libraries!\n"));
 		return STATE_CRITICAL;
@@ -181,6 +187,9 @@
 			printf (_("Could not init startTLS at port %i!\n"), ld_port);
 			return STATE_CRITICAL;
 		}
+
+		if (check_cert == TRUE)
+			return ldap_check_cert(ld);
 #else
 		printf (_("startTLS not supported by the library, needs LDAPv3!\n"));
 		return STATE_CRITICAL;
@@ -240,6 +249,7 @@
 process_arguments (int argc, char **argv)
 {
 	int c;
+        char *temp;
 
 	int option = 0;
 	/* initialize the long option struct */
@@ -258,6 +268,7 @@
 #endif
 		{"starttls", no_argument, 0, 'T'},
 		{"ssl", no_argument, 0, 'S'},
+		{"certificate", required_argument, 0, 'C'},
 		{"use-ipv4", no_argument, 0, '4'},
 		{"use-ipv6", no_argument, 0, '6'},
 		{"port", required_argument, 0, 'p'},
@@ -276,7 +287,7 @@
 	}
 
 	while (1) {
-		c = getopt_long (argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:", longopts, &option);
+		c = getopt_long (argc, argv, "hvV234TS6t:c:w:H:b:p:a:D:P:C:", longopts, &option);
 
 		if (c == -1 || c == EOF)
 			break;
@@ -338,6 +349,33 @@
 			else
 				usage_va(_("%s cannot be combined with %s"), "-T/--starttls", "-S/--ssl");
 			break;
+		case 'C': /* Check SSL cert validity */
+#ifndef HAVE_SSL
+			usage4 (_("Invalid option - SSL is not available"));
+#else
+			if (starttls || ssl_on_connect || strstr(argv[0],"check_ldaps")) {
+				if ((temp=strchr(optarg,','))!=NULL) {
+					*temp = '\0';
+					if (!is_intnonneg (temp))
+						usage2 (_("Invalid certificate expiration period"), optarg);
+					days_till_exp_warn = atoi(optarg);
+					*temp = ',';
+					temp++;
+					if (!is_intnonneg (temp))
+						usage2 (_("Invalid certificate expiration period"), temp);
+						days_till_exp_crit = atoi (temp);
+				} else {
+					days_till_exp_crit = 0;
+					if (!is_intnonneg (optarg))
+						usage2 (_("Invalid certificate expiration period"), optarg);
+					days_till_exp_warn = atoi (optarg);
+				}
+				check_cert = TRUE;
+			} else {
+				usage_va(_("%s requires either %s or %s"), "-C/--certificate", "-S/--ssl", "-T/--starttls");
+			}
+			break;
+#endif
 		case 'S':
 			if (! starttls) {
 				ssl_on_connect = TRUE;
@@ -420,6 +458,9 @@
   printf (" %s\n", "-S [--ssl]");
   printf ("    %s %i\n", _("use ldaps (ldap v2 ssl method). this also sets the default port to"), LDAPS_PORT);
 
+  printf (" %s\n", "-C [--certificate]");
+  printf ("    %s\n", _("Minimum number of days a certificate has to be valid"));
+
 #ifdef HAVE_LDAP_SET_OPTION
 	printf (" %s\n", "-2 [--ver2]");
   printf ("    %s\n", _("use ldap protocol version 2"));
@@ -455,7 +496,7 @@
 {
   printf ("%s\n", _("Usage:"));
 	printf (" %s -H <host> -b <base_dn> [-p <port>] [-a <attr>] [-D <binddn>]",progname);
-  printf ("\n       [-P <password>] [-w <warn_time>] [-c <crit_time>] [-t timeout]%s\n",
+  printf ("\n       [-P <password>] [-w <warn_time>] [-c <crit_time>] [-t timeout] [-C <age>]%s\n",
 #ifdef HAVE_LDAP_SET_OPTION
 			"\n       [-2|-3] [-4|-6]"
 #else
@@ -463,3 +504,16 @@
 #endif
 			);
 }
+
+int ldap_check_cert (LDAP *ld)
+{
+	SSL *ssl;
+	int rc;
+
+	rc = ldap_get_option(ld, LDAP_OPT_X_TLS_SSL_CTX, &ssl);
+	if (rc == LDAP_OPT_ERROR || ssl == NULL) {
+		printf ("%s\n",_("CRITICAL - Cannot retrieve ssl session from connection."));
+		return STATE_CRITICAL;
+	}
+	return np_net_ssl_check_cert_real(ssl, days_till_exp_warn, days_till_exp_crit);
+}
diff -Naur -x '*~' -x '*.orig' -x '*.rej' nagios-plugins-1.4.16/plugins/Makefile.am nagios-plugins-1.4.16-check_ldap_certificate/plugins/Makefile.am
--- nagios-plugins-1.4.16/plugins/Makefile.am	2012-06-27 19:32:47.000000000 +0200
+++ nagios-plugins-1.4.16-check_ldap_certificate/plugins/Makefile.am	2012-07-04 11:03:00.888343446 +0200
@@ -72,7 +72,7 @@
 check_game_LDADD = $(BASEOBJS) runcmd.o
 check_http_LDADD = $(SSLOBJS) $(NETLIBS) $(SSLLIBS)
 check_hpjd_LDADD = $(NETLIBS) popen.o
-check_ldap_LDADD = $(NETLIBS) $(LDAPLIBS)
+check_ldap_LDADD = $(SSLOBJS) $(NETLIBS) $(LDAPLIBS) $(SSLLIBS)
 check_load_LDADD = $(BASEOBJS) popen.o
 check_mrtg_LDADD = $(BASEOBJS)
 check_mrtgtraf_LDADD = $(BASEOBJS)
@@ -118,7 +118,7 @@
 check_http_DEPENDENCIES = check_http.c $(SSLOBJS) $(NETOBJS) $(DEPLIBS)
 check_hpjd_DEPENDENCIES = check_hpjd.c $(NETOBJS) popen.o $(DEPLIBS)
 check_ide_smart_DEPENDENCIES = check_ide_smart.c $(BASEOBJS) $(DEPLIBS)
-check_ldap_DEPENDENCIES = check_ldap.c $(NETOBJS) $(DEPLIBS)
+check_ldap_DEPENDENCIES = check_ldap.c $(SSLOBJS) $(NETOBJS) $(DEPLIBS)
 check_load_DEPENDENCIES = check_load.c $(BASEOBJS) popen.o $(DEPLIBS)
 check_mrtg_DEPENDENCIES = check_mrtg.c $(DEPLIBS)
 check_mrtgtraf_DEPENDENCIES = check_mrtgtraf.c $(DEPLIBS)
diff -Naur -x '*~' -x '*.orig' -x '*.rej' nagios-plugins-1.4.16/plugins/netutils.h nagios-plugins-1.4.16-check_ldap_certificate/plugins/netutils.h
--- nagios-plugins-1.4.16/plugins/netutils.h	2012-06-27 19:32:47.000000000 +0200
+++ nagios-plugins-1.4.16-check_ldap_certificate/plugins/netutils.h	2012-07-04 11:03:56.291891100 +0200
@@ -104,6 +104,7 @@
 int np_net_ssl_write(const void *buf, int num);
 int np_net_ssl_read(void *buf, int num);
 int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit);
+int np_net_ssl_check_cert_real(SSL *ssl, int days_till_exp_warn, int days_till_exp_crit);
 #endif /* HAVE_SSL */
 
 #endif /* _NETUTILS_H_ */
diff -Naur -x '*~' -x '*.orig' -x '*.rej' nagios-plugins-1.4.16/plugins/sslutils.c nagios-plugins-1.4.16-check_ldap_certificate/plugins/sslutils.c
--- nagios-plugins-1.4.16/plugins/sslutils.c	2012-06-27 19:32:47.000000000 +0200
+++ nagios-plugins-1.4.16-check_ldap_certificate/plugins/sslutils.c	2012-07-06 13:11:37.469453627 +0200
@@ -128,6 +128,15 @@
 
 int np_net_ssl_check_cert(int days_till_exp_warn, int days_till_exp_crit){
 #  ifdef USE_OPENSSL
+	return np_net_ssl_check_cert_real(s, days_till_exp_warn, days_till_exp_crit);
+#  else /* ifndef USE_OPENSSL */
+	printf ("%s\n", _("WARNING - Plugin does not support checking certificates."));
+	return STATE_WARNING;
+#  endif /* USE_OPENSSL */
+}
+
+int np_net_ssl_check_cert_real(SSL *ssl, int days_till_exp_warn, int days_till_exp_crit){
+#  ifdef USE_OPENSSL
 	X509 *certificate=NULL;
 	X509_NAME *subj=NULL;
 	char cn[MAX_CN_LENGTH]= "";
@@ -141,7 +150,7 @@
 	int days_left;
 	char timestamp[17] = "";
 
-	certificate=SSL_get_peer_certificate(s);
+	certificate=SSL_get_peer_certificate(ssl);
 	if (!certificate) {
 		printf("%s\n",_("CRITICAL - Cannot retrieve server certificate."));
 		return STATE_CRITICAL;