Created
June 19, 2025 18:28
zext_ssl_cert.sh – Check SSL Expiry and Issuer for Zabbix
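#!/bin/bash
# zext_ssl_cert.sh – Check SSL expiry or issuer from a certificate
#
# Usage: zext_ssl_cert.sh [-i|-d] hostname [port] [sni] [starttls-proto]
#   -i  print the issuer of the certificate the server presents
#   -d  print the whole days left until that certificate's notAfter date
#
# Exit codes: 1 usage or invalid argument, 2 no certificate retrieved,
#             3 expiry could not be parsed, 4 issuer not found.
# Error text is printed on stdout, as before, so callers that read stdout
# keep seeing it.
#
# What this check does NOT tell you:
#   * Trust. The chain is not validated: openssl s_client carries on after
#     verification errors by default and its stderr is discarded below, so a
#     self-signed or otherwise untrusted certificate is reported exactly like
#     a trusted one. Pair this with a validating check (for example s_client
#     with -verify_return_error and the intended CA bundle) if trust matters.
#   * Intermediate expiry. -showcerts fetches every certificate the server
#     sends, but `openssl x509` parses only the first PEM block, so -d and -i
#     describe the first certificate presented, not the intermediates.

DEBUG=0
[ "$DEBUG" = "1" ] && set -x

MODE="$1"
HOST="$2"
PORT="${3:-443}"
SNI="${4:-$HOST}"
PROTO="$5"

usage() {
  echo "usage: $0 [-i|-d] hostname [port] [sni] [starttls-proto]"
  echo " -i Show Issuer"
  echo " -d Show valid days remaining"
  exit 1
}

if [ "$MODE" != "-d" ] && [ "$MODE" != "-i" ]; then
  usage
fi

# An empty host would make s_client try to connect to ":PORT"; reject it here
# instead of reporting a confusing "no certificate data" error later.
[ -n "$HOST" ] || usage

# The arguments usually come from monitoring configuration (item parameters,
# macros), so treat them as input: the port must be numeric and the STARTTLS
# protocol a single plain token.
if ! [[ "$PORT" =~ ^[0-9]+$ ]]; then
  printf 'Error: Invalid port: %s\n' "$PORT"
  exit 1
fi
if [ -n "$PROTO" ] && ! [[ "$PROTO" =~ ^[A-Za-z0-9][A-Za-z0-9-]*$ ]]; then
  printf 'Error: Invalid starttls protocol: %s\n' "$PROTO"
  exit 1
fi

# Build the s_client command line as an array. The original expanded
# "-starttls $PROTO" unquoted, so a protocol value containing spaces was
# word-split into additional openssl options.
S_CLIENT_ARGS=(-servername "$SNI" -connect "$HOST:$PORT" -showcerts)
# Optional: TLS-Start for SMTP, etc.
if [ -n "$PROTO" ]; then
  S_CLIENT_ARGS+=(-starttls "$PROTO")
fi

# Get the certificates as sent by the server. stdin is /dev/null so s_client
# exits after the handshake instead of waiting for input. No timeout is set
# here; an unresponsive host blocks until the caller's own timeout fires.
CERT_DATA=$(openssl s_client "${S_CLIENT_ARGS[@]}" </dev/null 2>/dev/null |
  sed -n '/BEGIN CERTIFICATE/,/END CERT/p')

if [ -z "$CERT_DATA" ]; then
  echo "Error: No certificate data retrieved from $HOST:$PORT"
  exit 2
fi

case "$MODE" in
  -d)
    EXPIRY=$(printf '%s\n' "$CERT_DATA" | openssl x509 -noout -enddate 2>/dev/null)
    EXPIRY=${EXPIRY#notAfter=}
    if [ -z "$EXPIRY" ]; then
      echo "Error: Could not parse certificate expiry"
      exit 3
    fi
    # `date -d` is GNU date. If it cannot parse the string, the original went
    # on with an empty value and printed a large negative day count; report
    # the parse failure instead.
    EXPIRY_SEC=$(date -d "$EXPIRY" +%s 2>/dev/null)
    if [ -z "$EXPIRY_SEC" ]; then
      echo "Error: Could not parse certificate expiry"
      exit 3
    fi
    NOW_SEC=$(date +%s)
    # Integer division truncates toward zero: a certificate that expired less
    # than 24 hours ago still prints 0, so alert thresholds should sit above 0.
    echo $(( (EXPIRY_SEC - NOW_SEC) / 86400 ))
    ;;
  -i)
    ISSUER=$(printf '%s\n' "$CERT_DATA" | openssl x509 -noout -issuer 2>/dev/null)
    ISSUER=${ISSUER#issuer=}
    if [ -z "$ISSUER" ]; then
      echo "Error: Issuer not found"
      exit 4
    fi
    echo "$ISSUER"
    ;;
esac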