Monday, January 18, 2016

bash/openssl script to show in how many days the ssl certificates expire


script to show in how many days the ssl certificates expire.

$1= file with domain list
output format: current date, domain, port, subject of cert, days from now until cert will expire, expire-date

$ cat checkcertexp
#!/bin/bash

unique=`date +"%Y-%m-%d-%T"`
port=443

while read line ; do

    res=`echo | timeout 5 openssl s_client -connect "$line:$port" 2>/dev/null | openssl x509 -noout -subject -dates 2>/dev/null|sed -e 's/^subject.*CN=\([a-zA-Z0-9\.\-\*]*\).*$/\1/' `

    subject=`echo $res|cut -d" " -f1`
    dateaft=`echo $res|cut -d"=" -f3`
    cert=`date --date="$dateaft" +%s`
    now=`date +%s`
    echo "$unique;$line;$port;$subject;$(((cert-now)/86400));$dateaft"

done <$1
---