Skip to content

Instantly share code, notes, and snippets.

@Sean-Bradley

Sean-Bradley/checkssl.sh

Last active October 20, 2023 17:37
Show Gist options
  • Save Sean-Bradley/7826495e54f52865dd1d0af14a6570ea to your computer and use it in GitHub Desktop.
Save Sean-Bradley/7826495e54f52865dd1d0af14a6570ea to your computer and use it in GitHub Desktop.
Download ZIP
A script to return the number of days before a SSL certificate expires. Visit https://sbcode.net/zabbix/system-run/ for instructions
Raw
checkssl.sh
data=`echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -enddate | sed -e 's#notAfter=##'`
ssldate=`date -d "${data}" '+%s'`
nowdate=`date '+%s'`
diff="$((${ssldate}-${nowdate}))"
echo $((${diff}/86400))
@Sean-Bradley
Copy link
Author

Sean-Bradley commented Jul 26, 2019
edited
Loading

Create the file, then give it execute permissions,

sudo chmod a+x checkssl.sh

Example usage

$ ./checkssl.sh github.com
$ ./checkssl.sh google.com
$ ./checkssl.sh zabbix.com

Example Zabbix item key is
system.run[/home/zabbix/checkssl.sh google.com]

@lsimpson245
Copy link

We added support for a second parameter "PORT".
By default without specifying a port is uses 443.
If you use a key: checkssl.sh[costlogic.adm.swri.edu,7002]
It will test using port 7002.

Looks like it works all around.. If you see any issues it can be reverted by removing the IF statement and replacing $PORT with 443.

[root@zabbix-svr ~]# cat /usr/share/zabbix/externalscripts/checkssl.sh
#!/bin/bash
if [ -z $2 ] ; then
PORT=443
else
PORT=$2
fi
data=echo | openssl s_client -servername $1 -connect $1:$PORT 2>/dev/null | openssl x509 -noout -enddate | sed -e 's#notAfter=##'

ssldate=date -d "${data}" '+%s'
nowdate=date '+%s'
diff="$((${ssldate}-${nowdate}))"

echo $((${diff}/86400))

This could be something you want to include in your script for future use. It may not be as clean but it works.

Thanks

@Sean-Bradley
Copy link
Author

Thats a useful addition, thanks.

@saumyajit
Copy link

saumyajit commented May 22, 2020
edited
Loading

We added support for a second parameter "PORT".
By default without specifying a port is uses 443.
If you use a key: checkssl.sh[costlogic.adm.swri.edu,7002]
It will test using port 7002.

Looks like it works all around.. If you see any issues it can be reverted by removing the IF statement and replacing $PORT with 443.

[root@zabbix-svr ~]# cat /usr/share/zabbix/externalscripts/checkssl.sh
#!/bin/bash
if [ -z $2 ] ; then
PORT=443
else
PORT=$2
fi
data=echo | openssl s_client -servername $1 -connect $1:$PORT 2>/dev/null | openssl x509 -noout -enddate | sed -e 's#notAfter=##'

ssldate=date -d "${data}" '+%s'
nowdate=date '+%s'
diff="$((${ssldate}-${nowdate}))"

echo $((${diff}/86400))

This could be something you want to include in your script for future use. It may not be as clean but it works.

Thanks

missing or " " on data, ssldate & nowdate.

@franko108
Copy link

Thanks, works like a charm.
Particularly useful if we have some protected hosts and public check of SSL expiration is not possible. Script is doing it locally on own host, nice.
All the best

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment