@julcap
Last active June 10, 2020 20:45
Check expiration date for certificates in JVM cacerts file
#!/bin/bash
######################################################
# List certificates, find if a cert is expired.
# Requirements for sending emails: postfix, mailutils
#
# 15-12-2015
# Julian Capilla
# lyhan_jr@hotmail.com
######################################################

# Default JVM cacerts password. It is passed with -storepass, so it is
# visible in the process list while keytool runs.
pass="changeit"
cacerts="$1"
alias="$2"
to="$3"

if [ -z "$cacerts" ]; then echo "Please enter cacerts file path" && exit 1; fi
if [ "$alias" = "--help" ] || [ "$cacerts" = "--help" ]; then
    echo "Read cacert file and print expiration time of certificates"
    echo ""
    echo "$(basename "$0") {cacerts file} {alias | option} {optional email}"
    echo "Example: $(basename "$0") cacerts alias test@email.com,test2@email.com"
    echo "Options:"
    echo -e "\t-P\t\tPrints all aliases in cacerts file."
    echo -e "\t--all\t\tCheck all the certificates."
    echo -e "\t--help\t\tPrint this help."
    echo ""
    exit 0
fi
if [ -z "$alias" ]; then echo "Please enter alias or valid option" && exit 1; fi
if [ ! -f "$cacerts" ]; then echo "$cacerts is not a valid file." && exit 1; fi

if [ "$alias" = "-P" ]; then
    # List aliases: drop the fingerprint lines, then keep the first
    # comma-separated field. -s skips header lines, which contain no comma.
    keytool -list -keystore "$cacerts" -storepass "$pass" | grep -v Certificate | cut -s -d, -f 1
elif [ "$alias" = "--all" ]; then
    # Re-run this script once per alias. Reading line by line keeps aliases
    # that contain spaces intact; bash "$0" also works with absolute paths.
    while IFS= read -r a; do
        out="$(bash "$0" "$cacerts" "$a" "$to" < /dev/null | grep -E 'Valid|Expired')"
        if [ -n "$out" ]; then echo -e "$out\t[$a]"; fi
    done < <(bash "$0" "$cacerts" -P)
else
    # Check dates
    output="$(keytool -list -v -alias "$alias" -keystore "$cacerts" -storepass "$pass" | grep Valid)"
    if [ -z "$output" ]; then echo "Certificate alias not found." && exit 0; fi
    # $output is left unquoted on purpose so echo collapses it onto one line
    from="$(echo $output | awk -F'from:' '{print $2$3}' | cut -c -30)"
    until="$(echo $output | awk -F'until:' '{print $2$3}' | cut -c -30)"
    # Check if email and send email if cert is about to expire in less than 30 days
    if [ -n "$to" ]; then
        # Days left, computed from epoch seconds (GNU date). Subtracting two
        # YYYYMMDD numbers does not give a day count across month boundaries.
        days_left=$(( ( $(date --date="$until" +%s) - $(date +%s) ) / 86400 ))
        if [ "$days_left" -lt 30 ]; then
            echo "Please renew certificate in '$cacerts'. Certificate '$alias' expires $until" | mail -s "Certificate about to expire in $(hostname)" "$to"
        fi
    fi
    if [ "$(date +%Y%m%d)" -lt "$(date --date="$until" +%Y%m%d)" ]; then echo "Valid until: $until"; else echo "Expired: $until"; fi
fi
ghost commented Jun 9, 2020

Thanks for providing the script. Can you help me to first redirect the expired certificates to a file?

ghost commented Jun 10, 2020

Thanks for providing the script. Can you help me to first redirect the expired certificates to a file?
