Checking the remaining valid days for certificates.
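#!/usr/bin/env bash
# Print the number of whole days the given PEM certificate file is still valid.
#
# Usage: crt_valid_days <certificate>
#
# Only the notAfter date is evaluated. The script does not verify the
# certificate chain, the hostname or revocation status, so a positive number
# means "not yet expired", not "trusted".
# Diagnostics go to stderr so that stdout carries nothing but the metric.

if [ "$#" -eq 0 ]; then
    echo "Usage: crt_valid_days <certificate>" >&2
    exit 1
fi

if ! command -v openssl &> /dev/null; then
    echo "ERROR: OpenSSL not installed." >&2
    exit 1
fi

CERT_FILE=$1

# Quote the path so names containing spaces or glob characters reach openssl
# as a single argument. Stop when openssl cannot read the certificate:
# otherwise an empty date string would be handed to `date`, and a monitoring
# system would receive a plausible-looking number instead of an error.
if ! end_date=$(openssl x509 -in "${CERT_FILE}" -noout -enddate); then
    echo "ERROR: cannot read certificate: ${CERT_FILE}" >&2
    exit 1
fi

# openssl prints "notAfter=<date>"; keep the part after the first '='.
not_after=${end_date#*=}
if [ -z "$not_after" ]; then
    echo "ERROR: no expiry date found in: ${CERT_FILE}" >&2
    exit 1
fi

# `date -d` is the GNU form; the script depends on it to parse openssl's date.
if ! expire_seconds=$(date -ud "$not_after" +%s); then
    echo "ERROR: cannot parse expiry date: ${not_after}" >&2
    exit 1
fi
current_seconds=$(date +%s)
seconds_per_day=86400

# Integer division truncates toward zero, so a certificate that expired less
# than one day ago prints 0 rather than a negative value.
echo $(( (expire_seconds - current_seconds) / seconds_per_day ))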
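# Print the number of whole days the certificate served on <domain>:443 is
# still valid.
#
# Usage: crt_valid_days_tls <domain>
#
# The script only reads the notAfter date of the certificate the server
# presents. It does not check s_client's verification result, so the number
# says nothing about whether the chain or hostname would be accepted by a
# client. Diagnostics go to stderr so that stdout carries only the metric.

if [ "$#" -eq 0 ]; then
    echo "Usage: crt_valid_days_tls <domain>" >&2
    exit 1
fi

# Hostname of the website (sent as the TLS server name)
DOMAIN_NAME=$1
# Web server to connect to, usually identical
SERVER_NAME=${DOMAIN_NAME}

# Arguments are quoted so the value from the command line is passed to openssl
# as one word. No connect timeout is set here; an unresponsive server will
# hold up the check for as long as the connection attempt takes.
notAfter=$(echo | openssl s_client -servername "${DOMAIN_NAME}" -connect "${SERVER_NAME}:443" 2>/dev/null | openssl x509 -noout -enddate | cut -d= -f2)

# A failed connection or handshake leaves notAfter empty. Report that as an
# error instead of passing an empty string to `date` and printing a number
# that a monitoring system would take for a real result.
if [ -z "$notAfter" ]; then
    echo "ERROR: could not retrieve a certificate from ${SERVER_NAME}:443" >&2
    exit 1
fi

# `date -d` is the GNU form; the script depends on it to parse openssl's date.
if ! expire_seconds=$(date -ud "$notAfter" +%s); then
    echo "ERROR: cannot parse expiry date: ${notAfter}" >&2
    exit 1
fi
current_seconds=$(date +%s)
seconds_per_day=86400

# Integer division truncates toward zero, so a certificate that expired less
# than one day ago prints 0 rather than a negative value.
echo $(( (expire_seconds - current_seconds) / seconds_per_day ))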
package main | |
import ( | |
"crypto/x509" | |
"encoding/pem" | |
"fmt" | |
"io/ioutil" | |
"log" | |
"os" | |
"time" | |
) | |
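// main prints the number of whole days the PEM certificate named by the first
// command-line argument remains valid, or -1 when the current time lies
// outside the certificate's NotBefore/NotAfter window.
//
// Only the validity window is evaluated: the program does not build or verify
// a chain, check the hostname or consult revocation data. When the file holds
// several certificates, only the first one is inspected, so an intermediate
// that expires earlier is not reported.
func main() {
	if len(os.Args) < 2 {
		// log.Fatalf already terminates the process with status 1; the
		// os.Exit(99) that used to follow it was unreachable.
		log.Fatalf("Missing certificate file name.")
	}

	certPath := os.Args[1]
	certPEM, err := ioutil.ReadFile(certPath)
	if err != nil {
		log.Fatalf("error loading certificate: %v", err)
	}

	// Decode PEM blocks until the first CERTIFICATE block is found, so a file
	// that stores a private key or other material ahead of the certificate is
	// still handled instead of failing in the parser.
	var block *pem.Block
	for rest := certPEM; ; {
		block, rest = pem.Decode(rest)
		if block == nil || block.Type == "CERTIFICATE" {
			break
		}
	}
	if block == nil {
		log.Fatalf("error decoding PEM block: no CERTIFICATE block found.")
	}

	// Parse the DER payload of the certificate block.
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		log.Fatalf("error parsing certificate: %v", err)
	}

	// Report -1 (with exit status 0) for a certificate that is not yet valid
	// or already expired, so callers can tell it apart from a day count.
	now := time.Now()
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		fmt.Println(-1)
		return
	}

	// Truncate to whole days: less than 24 hours remaining prints 0.
	remainingDays := cert.NotAfter.Sub(now).Hours() / 24
	fmt.Println(int(remainingDays))
}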
Usage
All scripts are designed to return certificate validity metrics for monitoring systems.
The script
cert_valid_days_local.sh
checks the validity of a certificate file provided as a parameter and prints the remaining days until expiration. The script
cert_valid_days_tls.sh
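connects via TLS to a specified server and prints the remaining days until the server's certificate expires. The Go source code accomplishes the same tasks in a system-independent manner using the Go crypto library. It can be compiled for both Linux and Windows. Note that the Go program as listed here reads a local PEM certificate file; it does not itself open a TLS connection. All three tools report the expiry date only and do not validate the certificate chain.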
Compilation Instructions
To compile the Go script for Linux:
To compile the Go script for Windows: