Created
December 1, 2017 10:05
-
-
Save fuzzysteve/714838fac169dcf4017c656e1adb1aaf to your computer and use it in GitHub Desktop.
python script to check SSL certs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import socket | |
import ssl | |
from ssl import CERT_OPTIONAL | |
import datetime | |
import logging | |
def ssl_cert_info(hostname): | |
ssl_date_fmt = r'%b %d %H:%M:%S %Y %Z' | |
context = ssl.create_default_context() | |
context.verify_flags=CERT_OPTIONAL | |
conn = context.wrap_socket( | |
socket.socket(socket.AF_INET), | |
server_hostname=hostname, | |
) | |
# 3 second timeout because Lambda has runtime limitations | |
conn.settimeout(3.0) | |
conn.connect((hostname, 443)) | |
ssl_info = conn.getpeercert() | |
# parse the string from the certificate into a Python datetime object | |
return ssl_info | |
def ssl_valid_time_remaining(ssl_info): | |
ssl_date_fmt = r'%b %d %H:%M:%S %Y %Z' | |
"""Get the number of days left in a cert's lifetime.""" | |
expires = datetime.datetime.strptime(ssl_info['notAfter'], ssl_date_fmt) | |
return expires - datetime.datetime.utcnow() | |
def ssl_issuer(ssl_info): | |
try: | |
for entry in ssl_info['issuer']: | |
if entry[0][0] == 'organizationName': | |
orgname=entry[0][1] | |
if entry[0][0] == 'commonName': | |
commonname=entry[0][1] | |
return "{}, {}".format(commonname,orgname) | |
except: | |
return ssl_info['issuer'] | |
def lock_colour(colour,new_colour): | |
if new_colour == 'red' or colour == 'red': | |
return 'red' | |
if colour == 'yellow' or new_colour == 'yellow': | |
return 'yellow' | |
return 'green' | |
import csv | |
import os | |
colour='green' | |
status='<pre>' | |
with open(os.path.join(os.environ['XYMONHOME'],'etc','sslcerts.csv'), 'rb') as csvfile: | |
filereader=csv.reader(csvfile,dialect='excel') | |
for row in filereader: | |
try: | |
ssl_info=ssl_cert_info(row[0]) | |
except: | |
colour=lock_colour(colour,'red') | |
status='{}\n<IMG SRC="/xymon/gifs/red.gif" ALT="red" HEIGHT="16" WIDTH="16" BORDER=0> SSL certificate for {} is not valid'.format(status,row[0]) | |
continue; | |
date=ssl_valid_time_remaining(ssl_info) | |
issuer=ssl_issuer(ssl_info) | |
if date.days<10: | |
colour=lock_colour(colour,'red') | |
status='{}\n<IMG SRC="/xymon/gifs/red.gif" ALT="red" HEIGHT="16" WIDTH="16" BORDER=0> SSL certificate for {} is expiring in {}\n{}'.format(status,row[0],date,issuer) | |
elif date.days<30: | |
colour=lock_colour(colour,'yellow') | |
status='{}\n<IMG SRC="/xymon/gifs/yellow.gif" ALT="yellow" HEIGHT="16" WIDTH="16" BORDER=0> SSL certificate for {} is expiring in {}\n{}'.format(status,row[0],date,issuer) | |
else: | |
status='{}\n<IMG SRC="/xymon/gifs/green.gif" ALT="green" HEIGHT="16" WIDTH="16" BORDER=0> SSL certificate for {} is expiring in {}'.format(status,row[0],date) | |
status="{}\n</pre>".format(status) | |
from xymon import Xymon | |
server = Xymon('hostgoeshere', 1984) | |
server.report('reporthosegoeshere', 'SSLCerts', colour,status) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment