barnoid

Here’s a script I wrote a while ago for checking a bunch of domains to see if their certificates have expired using openssl. Just add your domains to the @domains list. At work we have a cronjob that does this every day: checkcerts -d 31 | mail -e -s"SSL Certificates Expiring Within a Month" systems@... #!/usr/bin/perl -w # checkcerts # Barney Livingston 2008-11-18 use strict; use Date::Parse; use Date::Format; use POSIX qw(floor); use Getopt::Long; my $days = 9999999999; #about 27 million years should be enough my $help; GetOptions( "days=i" => \$days, "help" => \$help ); if ($help) { print <<"END"; Usage: checkcerts [options] --days -d <days> Only show certificates due to expire within <days> days. END exit 0; } my @domains = ( "example.com" ); # Your list of domains goes here. my $time = time; foreach my $domain (@domains) { my $tries = 3; my $date = ""; my $cn = ""; my $expdays = 0; my $x509 = ""; while ($tries > 0) { $x509 = `echo Q | openssl s_client -connect $domain:443 2>&1 | openssl x509 -noout -text`; $date = "ERROR"; if ($x509 =~ /Not After : (... .. ..:..:.. .... ...)\n/) { $date = str2time($1); } $x509=~ /Subject:.+CN=(.*?)[\/\n]/; $cn = $1; if ($date eq "ERROR") { $tries--; } else { $tries = 0; } } if ($date eq "ERROR") { print "Failed to get a useful response from $domain\n"; } else { $expdays = floor(($date - $time) / (3600 * 24)); my $expired = ""; $expired = " EXPIRED" if ($expdays < 0); if ($expdays < $days) { print time2str("%Y-%m-%d %T", $date) . " -$expired $expdays days - $cn\n"; } } }