Are you worried about ssl certificate expiry ?

Are you worried about ssl certificate expiry  ?  I found a good solution for that 🙂 . This script will monitor the ssl certificate expiry and  will  provide e-mail notifications when a certificate is getting close to expire !!!

1) Download and setup the script for execution

wget http://prefetch.net/code/ssl-cert-check
chmod 744 ssl-cert-check

2) To find the ssl expiry details of a local certificate

./ssl-cert-check -c  /usr/local/sss/adminlogs.crt

3) To find  the ssl expiry details of a remote domain

./ssl-cert-check -s www.adminlogs.info -p 443

4) To find the ssl expiry details of a list of domains

If you are managing a number of domains , you can place the domains in a file with port number as follows

# vi  /home/domainlist
www.adminlogs.info 443
www.google.com  443
www.yahoo.com  443

Then save the file and execute the script with the option ” -f ”

./ssl-cert-check -f  /home/domainlist  ./ssl-cert-check -i -f domainlist

here ”  i ” will give the details of ssl provider/issuer
5)  Setup e-mail alerts if ssl expiry date is less than or equal to 20 days

ssl-cert-check can provide e-mail notifications when a certificate is getting close to expiring. The expiration interval can be controlled with ssl-cert-check’s “-x” (expiration interval) option, and the e-mail address to send notifications can be passed as an argument to the “-e” (e-mail address to send alerts) option.

./ssl-cert-check -a  -f   /home/domainlist  -q -x 20 -e  [email protected]

You can add the above command in cron and monitor your ssl certificate validity .

You can find more ssl related stuffs here : most-common-openssl-commands

Thank you prefetch.net for this excellent script !!!

 

  • That script is great for checking certificate expiration! I use it all the time. To make it easier to check other certificate info, I wrote a small generic wrapper script. Hope others find it useful too: http://giantdorks.org/alain/shell-script-to-parse-openssl-output/

  • hari

    script is running but i didnt receive email alert.can you help me on that

  • Sunil N

    Hi Folks,

    I have a situation in weblogic server where in i need to check the certificate expiry which are in keystore i.e jks files, Please let me know how this can be achieved.

    example:
    [[email protected] auto]$ keytool -list -v -keystore javakeystore.jks -alias np_cert -storepass Welcome1
    Alias name: my_cert
    Creation date: Apr 27, 2017
    Entry type: trustedCertEntry

    Owner: CN=*.sunil.com.au, OU=Domain Control Validated
    Issuer: CN=Go Daddy Secure Certificate Authority – G2, OU=http://certs.godaddy.com/repository/, O=”GoDaddy.com, Inc.”, L=location, ST=state, C=country
    Serial number: xxxxxxxxxxxxxxxxxx
    Valid from: Fri Feb 27 00:19:47 ACDT 2015 until: Tue Feb 27 12:57:02 ACDT 2018

    The above certificate in the keystore expires on Feb-27-2018, Similarly few other certs reside in the keystore, I would like to know how can this script be used to get notified.

    Thanks,
    Sunil