datori

Database administration for fun and profit

Automatic monitoring of the SSL certificate expiration date

This is not really about database administration, but one of the problems I often face is monitoring of the expiration of SSL certificates on my clients’ web servers. It usually takes some time to renew a certificate, and it helps to know in advance that I need to get the process started.Here’s a little script that checks the certificate on a given web server and sends a reminder if it is about to expire:

#!/bin/bash# checks the ssl certificate expiration date of a given host
# Usage: ./checksslcert.sh <hostname> [<port>]
# Port defaults to 443 if not specified
test -z "$1" && echo "Usage: $0 <hostname> [<port>]" && exit 0
tempstr=$(openssl s_client -connect $1:${2:-443} 2>/dev/null >$0.log)
test $? -gt 0 && echo "Error accessing SSL certificate on $1" && exit 1
exptime=$(date -d"${tempstr#*=}" +"%s")
expdays=$(((${exptime} - $(date +"%s"))/84400))
echo "SSL certificate on $1 expires in $expdays days"
test $expdays -lt 45 && echo "Do something!" | mailx -s "SSL certificate on $1 expires in $expdays days" admin@domain.com

Run it daily by cron and you will never miss the expiration date again. The script needs the GNU date utility and openssl to be installed. It has been tested under bash, but you can easily modify it to run under other shells.

3 Responses to Automatic monitoring of the SSL certificate expiration date

  1. Pingback: UNIX Script to check the Expiration of Digital Certificates - dBforums

  2. me says:

    There are 86400 seconds in a day, not 84400

  3. nick says:

    Thanks for catching the typo! Since this site is mostly visited by search engine bots, the internets are probably safe.

Leave a Reply

Your email address will not be published. Required fields are marked *