commit f5dfea511340ec28b14fa1b6f6d9c39c2ec8a90c parent 28f8fac358e3260081ff8c9b92b5fc4322c98fb4 Author: Antoine Amarilli <a3nm@a3nm.net> Date: Thu, 27 Oct 2016 11:45:02 +0200 ssleft Diffstat:
ssleft | | | 58 | ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ |
1 file changed, 58 insertions(+), 0 deletions(-)
diff --git a/ssleft b/ssleft @@ -0,0 +1,58 @@ +#!/bin/bash + +# check number of days left on SSL certificate of website $1 +# with port $2 (default: 443) +# if $3 is specified, will warn if days left is < $3 + +HOST="$1" +PORT=${2:-443} +MARGIN=${3:0} + +CERT=$(echo | openssl s_client -connect $HOST:$PORT 2>/dev/null) +DATE=$(echo "$CERT" | openssl x509 -noout -dates) +BDATE=$(echo "$DATE" | grep '^notBefore' | cut -d'=' -f2) +ADATE=$(echo "$DATE" | grep '^notAfter' | cut -d'=' -f2) + +if [[ -z "${BDATE// }" || -z "${ADATE// }" ]] +then + echo "could not get expiration date of cert for $HOST:$PORT; got:" + echo "$CERT" + exit 1 +fi + +STARTDATE=$(date -d "$BDATE" '+%s') +if [[ $? -ne 0 ]] +then + echo "could not parse start date of cert for $HOST:$PORT; got $DATE" + exit 2 +fi + +EXPDATE=$(date -d "$ADATE" '+%s') +if [[ $? -ne 0 ]] +then + echo "could not parse expiration date of cert for $HOST:$PORT; got $DATE" + exit 2 +fi + +CDATE=$(date '+%s') +DIFF=$((($EXPDATE-$CDATE) / (60*60*24))) + +if [[ $CDATE -lt $STARTDATE ]] +then + echo "== cert for $HOST:$PORT is not yet valid?! ==" + echo "$DATE" + echo "details of cert are:" + echo "$CERT" + exit 2 +fi + +if [[ $DIFF -lt $MARGIN || $MARGIN -eq 0 ]] +then + echo "== cert for $HOST:$PORT will expire in $DIFF days ==" + echo "$DATE" + echo "details of cert are:" + echo "$CERT" + exit 3 +fi + +