Skip to content

Instantly share code, notes, and snippets.

@beryllium

beryllium/cert_check.sh

Created February 23, 2013 00:06
Show Gist options
  • Save beryllium/5017559 to your computer and use it in GitHub Desktop.
Save beryllium/5017559 to your computer and use it in GitHub Desktop.
Download ZIP
So, you've got a bunch of servers with SSL certs and you're constantly forgetting when to renew? Fret no more! Now there's one more tool you can add to the pages-long list of tools that can solve this problem.
Raw
cert_check.sh
#!/bin/bash
servers[0]=server0.example.com
servers[1]=server1.example.com
servers[2]=server2.example.com
TMP_CERT_QUIT=/tmp/check_cert_quit.tmp
TMP_CERT_CHECK=/tmp/check_cert.tmp
if [ -f "$TMP_CERT_CHECK" ]
then
rm "$TMP_CERT_CHECK"
fi
echo 'quit\n' > "$TMP_CERT_QUIT"
for i in ${servers[@]}
do
echo Checking server: $i
openssl s_client -connect "$i:443" < "$TMP_CERT_QUIT" > "$TMP_CERT_CHECK" 2>/dev/null # Maybe this null redirect could be used to find MITM attacks instead?
EXPIRE_DATE_TMP=`openssl x509 -in "$TMP_CERT_CHECK" -noout -enddate`
EXPIRE_DATE=`echo "$EXPIRE_DATE_TMP" | sed 's/[^=]*=//'`
echo " Expires: $EXPIRE_DATE"
rm "$TMP_CERT_CHECK"
done
rm "$TMP_CERT_QUIT"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment