Skip to content

Instantly share code, notes, and snippets.

@kaspergrubbe

kaspergrubbe/tls_expire.rb

Created May 7, 2019 16:06
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save kaspergrubbe/f0966c8b0b3544fb78e23b33013117f9 to your computer and use it in GitHub Desktop.
Save kaspergrubbe/f0966c8b0b3544fb78e23b33013117f9 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
tls_expire.rb
require "socket"
require "openssl"
class TlsCheckJob
include Sidekiq::Worker
def perform
domains = Domain.all.map(&:domain_name)
(domains).each do |org_domain|
days_left = days_left_for_certificate(org_domain)
payload_data = {
values: {days_left: days_left.to_f}.compact,
tags: {domain: org_domain}.compact,
}
Rails.configuration.billetto_metrics.write_point('rails.certificates', payload_data, 'ns')
end
end
private
def days_left_for_certificate(domain)
tcp_client = TCPSocket.new(domain, 443)
ssl_client = OpenSSL::SSL::SSLSocket.new(tcp_client)
ssl_client.hostname = domain
ssl_client.connect
cert = OpenSSL::X509::Certificate.new(ssl_client.peer_cert)
ssl_client.sysclose
tcp_client.close
certprops = OpenSSL::X509::Name.new(cert.issuer).to_a
issuer = certprops.select { |name, data, type| name == "O" }.first[1]
results = {
valid_on: cert.not_before.utc,
valid_until: cert.not_after.utc,
issuer: issuer,
days_left: (cert.not_after.utc - Time.now.utc).to_i / (24 * 60 * 60),
}
results[:days_left]
end
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment