ssl cert expiration

I am trying to find a concept to check the local cert store on a server and output expiry dates, maybe even with some logic that evaluates the current date and determines how many days are left to expiration.

I am thinking of using certutil.

The output is formatted as below.


================ Certificate 24 ================
Serial Number: 198b11d13f9a8ffe69a0
Issuer: CN=Root Authority, OU=Company OU, OU=Copyright (c) Company.
NotBefore: 9/30/1900 11:00 PM
NotAfter: 1/1/2012 11:00 PM
Subject: CN=cert CN, OU=Cert Corporation,OU=Company Intermediate CA, OU=Copyright (c)Company.
Non-root Certificate
Template:
Cert Hash(sha1):

I want to be able to have a script that will go through the output, read the "NotAfter" date, and if the "NotAfter" date is x number of days, I want to report the info in the line starting "Subject" and then indicate how many days are left to expiry.

e.g.:

Subject: CN=cert CN  has "x" days until expiration.

Can anyone help me?
Asked by: becraig
vikas_madhusudana Commented:
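# Current day, month and four-digit year
day=`date '+%d'`
month=`date '+%m'`
year=`date '+%Y'`

# First NotAfter line of the saved certutil output, e.g. "NotAfter: 1/1/2012 11:00 PM"
string=`grep NotAfter file.txt | head -n 1`
# The second space-separated field is the date (M/D/YYYY)
date1=`echo $string | cut -d ' ' -f 2`
day1=`echo $date1 | cut -d / -f 2`
month1=`echo $date1 | cut -d / -f 1`
year1=`echo $date1 | cut -d / -f 3`

# Reports only when the expiry falls in the current month and year
if [ "$year1" -eq "$year" ] ; then
if [ "$month1" -eq "$month" ]; then
diff=`expr $day1 - $day`
echo certificate expires in $diff
fi
fi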






becraig Author Commented:
Vikas, can you give me a bit more detail on how this plays into my scenario? I can see what the script does, but I don't want to just plug and play. I want to understand a bit better so that for any tweaking I don't need to come back.
 
vikas_madhusudana Commented:
Sure. You have to redirect the output of certutil to a file "file.txt". Now your file.txt will have the output that you listed in your question. What my script does is:

The first part just takes the current date's day, month and year into some variables.
The second part parses file.txt to get the expiration date's day, month and year.
The third part compares the two and displays the difference in days if they fall in the same month and year.

 
 
becraig Author Commented:
I will try this out this evening. Thanks, Vikas.
 
becraig Author Commented:
Vikas, I may need a bit more help.

I am using another method to get the cert output which provides the following output:
Subject: CN=websitename.com, OU=Company Unit, O=company, L=City, S=State, C=Country
Issuer: CN=Corp, DC=Comp, DC=corp, DC=Corp, DC=com
Version: 3
Valid Date: 7/10/2009 11:00:00 AM
Expiry Date: 7/10/2010 11:00:00 AM
Thumbprint: 985JNITUEBBIYHRYTRNJFHRY800DNUOENUR704NI
Serial Number: 2JDJHRUFGFKKT8586HKDB
Friendly Name: RSA

Subject: CN=websitename2.com, OU=Company Unit, O=company, L=City, S=State, C=Country
Issuer: CN=Corp, DC=Comp, DC=corp, DC=Corp, DC=com
Version: 3
Valid Date: 11/2/2009 1:00:00 PM
Expiry Date: 11/2/2010 1:00:00 PM
Thumbprint: 985JNITUEBBIYHRYTRNJFHRY800DNUOENUR704NI
Serial Number: 2JDJHRUFGFKKT8586HKDB
Friendly Name: RSA


What I am searching for here is a batch file that runs the command on a list of servers, providing me the following info:

Servername
Cert name & expiry date if the expiry meets the criteria, i.e. 30 days before expiration.

I may need to have my hand held a little bit more, as Windows scripting is not really my forte.

Thanks :-)
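
An added example, not part of the original thread or any poster's code: a Python parser for the two output layouts quoted above ("NotAfter:" from certutil and "Expiry Date:" from the second tool) that computes days left across month and year boundaries and reports certificates inside a threshold. It assumes US-style M/D/YYYY 12-hour timestamps as shown in the thread; the function names and the sample text are constructed.

```python
import re
from datetime import datetime

# Labels taken from the two outputs quoted in this thread.
EXPIRY = re.compile(r"^\s*(?:NotAfter|Expiry Date):\s*(.+?)\s*$")
SUBJECT = re.compile(r"^\s*Subject:\s*(.+?)\s*$")
# Assumption: US-style M/D/YYYY 12-hour timestamps, with or without seconds.
FORMATS = ("%m/%d/%Y %I:%M:%S %p", "%m/%d/%Y %I:%M %p")

def parse_when(text):
    for fmt in FORMATS:
        try:
            return datetime.strptime(text, fmt)
        except ValueError:
            continue
    raise ValueError("unrecognised date: %r" % text)

def expiring(output, now, threshold_days=30):
    """Return [(name, days_left)] for certificates within the threshold.
    A negative days_left means the certificate has already expired."""
    hits, rec = [], {}

    def flush():
        if "subject" in rec and "expiry" in rec:
            days = (rec["expiry"] - now).days
            if days <= threshold_days:
                cn = re.search(r"CN=([^,]+)", rec["subject"])
                hits.append((cn.group(1).strip() if cn else rec["subject"], days))
        rec.clear()

    # A blank line or a "==== Certificate N ====" banner ends a record,
    # so the order of fields inside a record does not matter.
    for line in output.splitlines() + [""]:
        if not line.strip() or line.lstrip().startswith("===="):
            flush()
        elif EXPIRY.match(line):
            rec["expiry"] = parse_when(EXPIRY.match(line).group(1))
        elif SUBJECT.match(line):
            rec["subject"] = SUBJECT.match(line).group(1)
    return hits

# Constructed sample using the field layout shown in the thread.
SAMPLE = """\
Subject: CN=websitename.com, OU=Company Unit, O=company
Expiry Date: 7/10/2010 11:00:00 AM

Subject: CN=websitename2.com, OU=Company Unit, O=company
Expiry Date: 11/2/2010 1:00:00 PM
"""

if __name__ == "__main__":
    # Fixed constructed "now" for the demo; pass datetime.now() in real use.
    for name, days in expiring(SAMPLE, datetime(2010, 6, 20, 11, 0, 0)):
        print("Subject: CN=%s has %d days until expiration." % (name, days))
```

To cover several servers, save each server's output to its own file and call `expiring()` once per file, printing the server name alongside each hit.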


