forked from skx/sysadmin-util
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ssl-expiry-date
executable file
·141 lines (120 loc) · 2.79 KB
/
ssl-expiry-date
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
#!/bin/sh
#
# About
# -----
# Check the expiry date of the SSL certificate on the given host.
#
#
# License
# -------
#
# Copyright (c) 2013-2015 by Steve Kemp. All rights reserved.
#
# This script is free software; you can redistribute it and/or modify it under
# the same terms as Perl itself.
#
# The LICENSE file contains the full text of the license.
#
#
#
# Simple function to show usage information, and exit.
#
usage () {
echo "Usage: $0 [-d] [-p 443] domain1.org domain2.com .. domainN"
exit 0
}
#
# Default settings for flags set by the command-line arguments
#
days=0
port=443
#
# Parse the argument(s) - i.e. look for "-d" / "-p 443".
#
while getopts "h?dp:" opt; do
case $opt in
h)
usage
;;
\?)
usage
;;
d)
days=1
;;
p)
port=$OPTARG
;;
esac
done
shift $((OPTIND-1))
#
# Ensure we have some arguments
#
if [ "$#" = "0" ]; then
usage
fi
#
# For each domain-name on the command-line.
#
for name in "$@" ; do
#
# Make a temporary file
#
# Test if we have BSD or GNU version of mktemp
if ( strings $(which mktemp) | grep -q GNU); then
# We have the GNU version
tmp=$(mktemp)
else
# We have the BSD version
tmp=$(mktemp -t tmp)
fi
#
# Download the certificate
#
if ( ! echo "" | openssl s_client -connect $name:$port > $tmp 2>/dev/null ); then
echo "Failed to get cert from https://$name:$port/"
exit 3
fi
#
# Get the expiry date
#
date=$(openssl x509 -in "$tmp" -noout -enddate | awk -F= '{print $2}')
#
# Remove the temporary file
#
rm -f "$tmp"
#
# Convert the expiry date + todays date to seconds-past epoch
#
# Check if we have the BSD or the GNU version of date
if (strings $(which date) | grep -q GNU); then
# We have GNU this is easy
then=$(date --date "$date" +%s)
else
# We have BSD now it is getting complicated
year=$(echo $date | awk '{print $4}')
month=$(echo $date | awk '{print $1}')
day=$(echo $date | awk '{print $2}')
hour=$(echo $date | awk '{print $3}' | awk -F: '{print $1}')
minute=$(echo $date | awk '{print $3}' | awk -F: '{print $2}')
second=$(echo $date | awk '{print $3}' | awk -F: '{print $3}')
then=$(date -v${year}y -v${month} -v${day}d -v${hour}H -v${minute}M -v${second}S -u +%s)
fi
now=$(date +%s)
#
# Day diff
#
diff=$(expr "$then" - "$now" )
diff=$(expr $diff / 86400 )
#
# All done
#
if [ "$days" = "1" ]; then
echo "${name}: ${diff}"
else
echo "$name"
echo " Expires: ${date}"
echo " Days: ${diff}"
fi
done