becraig
asked on
ssl cert expiration
I am trying to find a concept to check the local cert store on a server and output expiry dates, maybe even some logic that evaluates the current date and determines how many days are left to expiration.
I am thinking of using certutil.
The output is formatted as below.
================ Certificate 24 ================
Serial Number: 198b11d13f9a8ffe69a0
Issuer: CN=Root Authority, OU=Company OU, OU=Copyright (c) Company.
NotBefore: 9/30/1900 11:00 PM
NotAfter: 1/1/2012 11:00 PM
Subject: CN=cert CN, OU=Cert Corporation,OU=Company Intermediate CA, OU=Copyright (c)Company.
Non-root Certificate
Template:
Cert Hash(sha1):
I want to be able to have a script that will go through the output, read the "not after" date, and if the "not after" date is x number of days, I want to report the info in the line starting with Subject and then indicate how many days are left to expiry.
eg:
Subject: CN=cert CN has "x" days until expiration.
Can anyone help me?
ASKER
Vikas, can you give me a bit more detail on how this plays into my scenario? I can see what the script does, but I don't want to just plug and play; I want to understand a bit better so that for any tweaking I don't need to come back.
Sure. You have to redirect your output of certutil to a file "file.txt". Now your file.txt will have the output that you have listed in your question. What my script does is:
The first part just takes the current date's day, month and year into some variables.
The second part parses file.txt to get the expiration date's day, month and year.
The third part is the comparison of these two, displaying the difference in days if they fall in the same month and year.
ASKER
I will try this out this evening. Thanks, Vikas.
ASKER CERTIFIED SOLUTION
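# First part: current day, month and four-digit year
day=`date '+%d'`
month=`date '+%m'`
year=`date '+%Y'`
# Second part: first NotAfter line of the saved certutil output,
# e.g. "NotAfter: 1/1/2012 11:00 PM"
string=`grep NotAfter file.txt | head -n 1`
# Keep only the M/D/YYYY part (drop the label and the time of day)
date=`echo $string | awk '{print $2}'`
day1=`echo $date | cut -d / -f 2`
month1=`echo $date | cut -d / -f 1`
year1=`echo $date | cut -d / -f 3`
# Third part: report only when the expiry falls in the current month and year
if [ "$year1" -eq "$year" ] ; then
  if [ "$month" -eq "$month1" ]; then
    diff=`expr $day1 - $day`
    echo certificate expires in $diff
  fi
fi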
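Added example, not part of the thread or of the script above: a version that walks every certificate block in the saved certutil output, counts days across month and year boundaries, and prints the line format the question asks for. The function names, the optional TODAY argument and the sample certificates are assumptions made for illustration, and it assumes the M/D/YYYY date layout quoted in the question.

```shell
# Usage: certutil ... > file.txt; cert_days_left 30 < file.txt
# Args: DAYS (report when this many days or fewer remain), optional TODAY as M/D/YYYY.
cert_days_left() {
    limit=$1
    today=${2:-$(date '+%m/%d/%Y')}
    awk -v limit="$limit" -v today="$today" '
    # Julian day number of a Gregorian date; differences are whole days,
    # correct across month, year and leap-year boundaries.
    function jdn(m, d, y,    a, yy, mm, n) {
        a = int((14 - m) / 12); yy = y + 4800 - a; mm = m + 12 * a - 3
        n = d + int((153 * mm + 2) / 5) + 365 * yy
        return n + int(yy / 4) - int(yy / 100) + int(yy / 400) - 32045
    }
    BEGIN { split(today, t, "/"); now = jdn(t[1], t[2], t[3]) }
    # New certificate block: forget the previous expiry date.
    /^=+ Certificate/ { left = "" }
    # "NotAfter: 1/1/2012 11:00 PM" -> field 2 is the M/D/YYYY date.
    /^[ \t]*NotAfter:/ { split($2, e, "/"); left = jdn(e[1], e[2], e[3]) - now }
    # Subject follows NotAfter in this layout; report only the first RDN (the CN).
    /^[ \t]*Subject:/ && left != "" && left <= limit {
        sub(/^[ \t]*Subject:[ \t]*/, "")
        split($0, rdn, ",")
        if (left < 0) printf "Subject: %s expired %d days ago.\n", rdn[1], -left
        else printf "Subject: %s has %d days until expiration.\n", rdn[1], left
    }'
}

# Constructed sample in the certutil layout quoted in the question (not real certificates).
sample_store() {
cat <<'EOF'
================ Certificate 0 ================
NotBefore: 1/1/2010 11:00 PM
NotAfter: 1/1/2012 11:00 PM
Subject: CN=cert CN, OU=Cert Corporation,OU=Company Intermediate CA
================ Certificate 1 ================
NotBefore: 6/15/2010 9:00 AM
NotAfter: 6/15/2013 9:00 AM
Subject: CN=later CN, OU=Cert Corporation
================ Certificate 2 ================
NotBefore: 12/1/2009 8:00 AM
NotAfter: 12/1/2011 8:00 AM
Subject: CN=old CN, OU=Cert Corporation
EOF
}

# Fixed date so the output is reproducible; omit it to use the real current date.
sample_store | cert_days_left 30 12/20/2011
```

Certificates that have already expired are reported as well, since a negative day count is always within the limit.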