Skip to content

Instantly share code, notes, and snippets.

@aequitas aequitas/ssl-expire

Last active Sep 23, 2016
Embed
What would you like to do?
#!/bin/bash
# based on: https://github.com/skylime/mi-core-base/blob/master/copy/opt/core/bin/ssl-expire.sh
domains=${*:?}
today_unixtime=$(date +%s)
trigger_unixtime=$(date +%s -d "+31 days")
for domain in ${domains}; do
crt="${TMPDIR:-/tmp}/$(mktemp cert-XXXXX)"
echo | openssl s_client -connect "${domain}:443" 2>/dev/null > "$crt"
if [[ $? -ne 0 ]];then
error[${#error[*]}]="$domain"
rm "$crt"
continue
fi
subject=$(openssl x509 -in "${crt}" -subject -noout | sed 's:.*/CN=\(.*\)$:\1:g')
expire_unixtime=$(date --date="$(openssl x509 -in "${crt}" -enddate -noout | cut -d= -f 2)" +%s)
rm "$crt"
expire_datetime=$(date +"%Y-%m-%d" -d "@${expire_unixtime}")
# expired
if [ "${today_unixtime}" -gt "${expire_unixtime}" ]; then
critical[${#critical[*]}]="${expire_datetime}: ${subject} ($domain)"
# expire during trigger unixtime
elif [[ ${expire_unixtime} -lt ${trigger_unixtime} && ${expire_unixtime} -gt ${today_unixtime} ]]; then
warning[${#warning[*]}]="${expire_datetime}: ${subject} ($domain)"
fi
done
# Output
if [[ "${error[0]}" ]]; then
echo "ERRORED: "
(for c in "${error[@]}"; do
echo " ${c}"
done) | sort -M -k 2
fi
if [[ "${critical[0]}" ]]; then
echo "EXPIRED: "
(for c in "${critical[@]}"; do
echo " ${c}"
done) | sort -M -k 2
fi
if [[ "${warning[0]}" ]]; then
echo "EXPIRE SOON: "
(for w in "${warning[@]}"; do
echo " ${w}"
done) | sort -M -k 2
fi
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.