Created
March 19, 2012 07:38
-
-
Save acidprime/2101142 to your computer and use it in GitHub Desktop.
Extension attribute to report on certificate expiration - https://jamfnation.jamfsoftware.com/discussion.html?id=3631
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/perl -w | |
| # | |
| open(CERTS, "security export -k login.keychain -t certs|"); | |
| my $ifile = ""; | |
| my $thisfile = ""; | |
| $username = $ENV{USER}; | |
| print "Found user name: $username\n"; | |
| $dsclmodulus = `/usr/bin/dscl localhost read /Search/Users/$username UserCertificate | | |
| /usr/bin/sed -e 's/UserCertificate://' | | |
| /usr/bin/xxd -r -p | openssl x509 -inform DER -outform PEM | | |
| /usr/bin/openssl x509 -noout -modulus` ; | |
| while(<CERTS>) { | |
| $ifile .= $_; | |
| $thisfile .= $_; | |
| if($_ =~ /^\-+END(\s\w+)?\sCERTIFICATE\-+$/) { | |
| $subject = `echo "$thisfile" | /usr/bin/openssl x509 -noout -subject`; | |
| chomp($enddate = `echo "$thisfile" | /usr/bin/openssl x509 -noout -enddate`); | |
| $enddate =~ s/notAfter=//g; | |
| print "Checking Certificate: $subject"; | |
| if($subject =~ m/$username/){ | |
| $crtmodulus = `echo "$thisfile" | /usr/bin/openssl x509 -noout -modulus`; | |
| print "Checking Certificate: $crtmodulus"; | |
| if($crtmodulus = $dsclmodulus){ | |
| print "Found Certificate Match\n: $subject"; | |
| print "<result>$enddate</result>\n"; | |
| exit 1; | |
| } | |
| } | |
| $thisfile = ""; | |
| } | |
| } | |
| close(CERTS); | |
| exit 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Example Output
/Users/acid/Dropbox/certcheckuser
Found user name: acid
Checking Certificate: subject= /CN=Apple Configurator (00:00:00:00:00:D8)/O=sand.wallcity.org/C=US
Checking Certificate: subject= /DC=example/DC=org/DC=wallcity/CN=Users/CN=Zack Smith/emailAddress=acidprimePLEASEDONT@SPAMMEwallcity.org
Checking Certificate: Modulus=E36F027DCFB6D56FD0D990AAD6A628FEF72B608E99BBD58952566F601E2AD717D48B05E0000000BF95FDC5CD6768243228CF5EC2B85947F510D791CAE4353ED0610C9139CEBD67052B1A255152111111176885CD8299D4B874D06F71A0128982C37D4400FCE9F8EC13E4F131B84AE0C66567A5AE7FCDF27493DFC79679CCACC864749ECDC4F105ED6F722CD1D6DC85B7CE80477ECE181612E74BC220C4B941C9A95C870F98129B9E6080AB2C08D460652329A249DE04256C6E8873A227556B3563662EFA87E5EFE65B4F9D03203B38C3756BE368B024F6200B309C03756F06A495472536DB343D0C45F41D08B164107066474E653CFC0A122906B4B0B35C19F
Found Certificate Match
: subject= /DC=example/DC=org/DC=wallcity/CN=Users/CN=Zack Smith/emailAddress=acidprimePLEASEDONT@SPAMMEwallcity.org
Oct 3 21:53:59 2012 GMT<\result>