Bulk-check expiry dates and issuers of website SSL certificates
#! /bin/bash
#
# add your sites here, one per line
# prepend # to temporarily exclude an entry
#
sites="
reddit.com
google.com
microsoft.com
news.ycombinator.com
#twitter.com
"
# private temp file instead of a fixed, predictable path in /tmp
tmp=$(mktemp) || exit 1
trap 'rm -f "$tmp"' EXIT
# $now is unset here, so GNU date parses an empty string: today at 00:00
now=`date -d "$now" +%s`
for site in $sites
do
    if [[ $site == \#* ]]; then continue; fi
    printf %-30s "$site: "
    # fetch the certificate the server presents and dump it as text
    echo | openssl s_client -showcerts -servername "$site" -connect "$site:443" 2>/dev/null | openssl x509 -inform pem -noout -text > "$tmp"
    # organisation (O=) of the issuer
    issuer=`grep 'Issuer:' "$tmp"`
    issuer=${issuer##*O=}
    issuer=${issuer%%,*}
    # common name (CN=) of the subject; subjectAltName entries are not checked
    subject=`grep 'Subject:' "$tmp"`
    subject=${subject##*CN=}
    subject=${subject%%,*}
    # the right-hand side is left unquoted so a wildcard CN (*.example.com) is matched as a glob
    if [[ $site == $subject ]] || [[ ".$site" == $subject ]]; then match=' '; else match='!'; fi
    expires=`grep 'Not After' "$tmp"`
    expires=`date '+%Y-%m-%d' -d "${expires#*:}"`
    epoch=`date -d "$expires" +%s`
    if [ "$epoch" -lt "$now" ]
    then
        left='EXPIRED'
    else
        days=$(( ($epoch - $now) / 86400 ))
        left="$days days"
    fi
    # '!' marks a certificate whose CN does not match the site name
    printf %1s "$match"
    printf %30s "$subject | "
    printf %10s "$expires | "
    printf %14s "$left | "
    echo " $issuer";
done
No idea, mate.
In Mac OS, you can use gdate instead of the date command.
Why does `date -d "$now" +%s` return?
Works on Ubuntu - date is throwing invalid format in macOS.
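
The comments above report `date -d` failing on macOS. The following is an added example, not part of the gist or written by its author, that does the same expiry arithmetic without `date -d`; `notafter_to_epoch` and `days_left` are hypothetical helper names and the sample line is constructed.

```sh
# Added example: certificate-expiry arithmetic without `date -d`.

# Convert openssl's "notAfter=Mon DD HH:MM:SS YYYY GMT" to Unix epoch seconds
# using shell arithmetic only. The body is a subshell, so variables and the
# IFS change do not leak into the caller.
notafter_to_epoch() (
  set -f                              # no globbing while word-splitting
  set -- ${1#notAfter=}               # -> Mon DD HH:MM:SS YYYY TZ
  [ $# -ge 4 ] || exit 1
  mon=$1 d=${2#0} hms=$3 y=$4
  case $mon in
    Jan) m=1 ;; Feb) m=2 ;; Mar) m=3 ;; Apr) m=4 ;; May) m=5 ;; Jun) m=6 ;;
    Jul) m=7 ;; Aug) m=8 ;; Sep) m=9 ;; Oct) m=10 ;; Nov) m=11 ;; Dec) m=12 ;;
    *) exit 1 ;;
  esac
  IFS=:
  set -- $hms
  # "1$x - 100" turns a two-digit field such as 08 into 8 without octal parsing
  hh=$((1$1 - 100)) mi=$((1$2 - 100)) ss=$((1$3 - 100))
  # Days since 1970-01-01, counting years from 1 March (Gregorian calendar)
  if [ "$m" -le 2 ]; then y=$((y - 1)); fi
  era=$((y / 400))
  yoe=$((y - era * 400))
  mp=$(( (m + 9) % 12 ))
  doy=$(( (153 * mp + 2) / 5 + d - 1 ))
  doe=$(( yoe * 365 + yoe / 4 - yoe / 100 + doy ))
  echo $(( (era * 146097 + doe - 719468) * 86400 + hh * 3600 + mi * 60 + ss ))
)

# Same rule as the script: EXPIRED when notAfter is before "now" ($2, epoch
# seconds), otherwise the number of whole days remaining.
days_left() {
  epoch=$(notafter_to_epoch "$1") || return 1
  if [ "$epoch" -lt "$2" ]; then
    echo EXPIRED
  else
    echo "$(( (epoch - $2) / 86400 )) days"
  fi
}

# Constructed sample line in the format `openssl x509 -noout -enddate` prints.
sample='notAfter=Feb 29 23:59:59 2024 GMT'
days_left "$sample" 1709164800        # now = 2024-02-29 00:00:00 UTC
```

To use it against a live host, pass the output of `openssl x509 -noout -enddate` as the first argument and `$(date +%s)` as the second.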