@WimObiwan
Last active June 7, 2020 00:57
Monitor SSL or TLS certificate using OpenSSL
#!/bin/bash
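function test-ssl {
  # Fetch the certificate presented by a TLS endpoint and print its issuer,
  # subject and validity dates as one "(certificate ... )certificate" record.
  #
  # Arguments:
  #   $1: descr        - free-text label written into the "type" element
  #   $2: server:port  - endpoint passed to `openssl s_client -connect`
  #   $3: (optional) StartTLS indicator: [pop3|smtp]
  # Outputs:
  #   The record on stdout; diagnostics on stderr.
  #
  # On failure the text fields are left empty and notafter_sec is reported as
  # 0, so a consumer that alerts on a low remaining lifetime still sees the
  # endpoint as needing attention rather than as healthy.
  #
  # Only the dates of the presented certificate are read here: s_client's
  # verification result is not inspected, so an untrusted chain or a hostname
  # mismatch is not reported by this check.
  #
  # NOTE(review): certificate text comes from the remote peer and is written
  # verbatim. If the consumer treats backslashes as escapes (the literal
  # "-\n" lines suggest it may), these values should be escaped - confirm
  # against the consumer.
  local descr=$1
  local endpoint=$2
  local starttls=${3:-}
  # SNI carries a host name only; sending "host:port" makes name-based
  # virtual hosts fall back to their default certificate.
  local host=${endpoint%:*}
  local not_before='' not_after='' issuer='' subject=''
  local diff_sec=0
  local cert details line not_after_sec now_sec err_file

  printf '%s\n' '(certificate' '-\n' \
    '(type' "-$descr" ')type' \
    '(server' "-$endpoint" ')server'

  # A fixed name under /tmp can be pre-created or symlinked by another local
  # user; mktemp gives a private, unpredictable file instead.
  if ! err_file=$(mktemp); then
    echo "mktemp failed; openssl diagnostics will not be shown" >&2
    err_file=/dev/null
  fi

  local -a client_args=(s_client -connect "$endpoint" -servername "$host")
  if [[ -n $starttls ]]; then
    client_args+=(-starttls "$starttls")
  fi
  # The piped newline closes s_client's stdin so it exits after the handshake.
  cert=$(echo | openssl "${client_args[@]}" 2>"$err_file")

  if [[ $cert == *'-----BEGIN CERTIFICATE-----'* ]]; then
    details=$(printf '%s\n' "$cert" | openssl x509 -noout -issuer -dates -subject)
    # Match each field by its prefix at the start of a line and keep the first
    # hit, so words like "issuer" or "notAfter" inside a peer-chosen subject
    # cannot be mistaken for another field.
    while IFS= read -r line; do
      case $line in
        issuer=*) issuer=${issuer:-${line#issuer=}} ;;
        notBefore=*) not_before=${not_before:-${line#notBefore=}} ;;
        notAfter=*) not_after=${not_after:-${line#notAfter=}} ;;
        subject=*) subject=${subject:-${line#subject=}} ;;
      esac
    done <<<"$details"

    if [[ -n $not_after ]] && not_after_sec=$(date -d "$not_after" +%s); then
      now_sec=$(date +%s)
      diff_sec=$((not_after_sec - now_sec))
    else
      echo "Could not parse notAfter for $endpoint" >&2
    fi
  else
    echo "Certificate load failed for $2 ($3)" >&2
    cat -- "$err_file" >&2
  fi

  if [[ $err_file != /dev/null ]]; then
    rm -f -- "$err_file"
  fi

  printf '%s\n' \
    '(notbefore' "-$not_before" ')notbefore' \
    '(notafter' "-$not_after" ')notafter' \
    '(notafter_sec' "-$diff_sec" ')notafter_sec' \
    '(issuer' "-$issuer" ')issuer' \
    '(subject' "-$subject" ')subject' \
    '-\n' ')certificate'
}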
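# Emit one "(certificates ... )certificates" document containing a record for
# every monitored endpoint.
echo "(certificates"
echo "-\\n"
# NOTE(review): port 995 is conventionally POP3 over TLS, while this entry is
# labelled 'SMTP transfer' - confirm that label and port match the service.
test-ssl 'SMTP transfer' mail.foxinnovations.be:995
test-ssl 'SMTP submission' mail.foxinnovations.be:587 smtp
test-ssl 'POP3' mail.foxinnovations.be:110 pop3
test-ssl 'HTTPS' filmoptv.be:443
test-ssl 'HTTPS' www.filmoptv.be:443
test-ssl 'HTTPS' mon.foxinnovations.be:443
# Each directory under live/ is named after a certificate's primary domain.
for f in /etc/letsencrypt/live/*; do
  # Skip non-directory entries (for example a README file) and the literal
  # pattern left behind when the glob matches nothing; neither is a host.
  [[ -d $f ]] || continue
  test-ssl 'HTTPS' "${f##*/}:443"
done
echo "-\\n"
echo ")certificates"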