openssl bash script to check if cert is expiredHEAD master

author: Kyle K <kylek389@gmail.com> 2019-03-16 22:46:38 +0000
committer: Kyle K <kylek389@gmail.com> 2019-03-16 22:46:38 +0000
commit: dbab0a76bd9c1bd1c44315b74b08c16447bde9cd (patch)
tree: 9e9a3dcae9619e5205a0025ff44f7084b47cdad6
parent: 9f349bc53b85ecdb8482c5c0cb7671d22426d74a (diff)
download: scripts-master.tar.gz
scripts-master.tar.bz2
scripts-master.zip
1 files changed, 16 insertions, 0 deletions
diff --git a/expiry-cert.sh b/expiry-cert.sh
new file mode 100755
index 0000000..ac7f52b
--- /dev/null
+++ b/expiry-cert.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# 1st argument should be fqdm
+# returns 0 if certificate is expired
+function cert_check_expired() {
+  SERVERNAME=$1; shift  # for SNI stuff
+  IP=$(dig +noall +answer +short $SERVERNAME)
+  now_epoch=$(date +%s)
+
+  expiry_date=$(echo | openssl s_client -servername $SERVERNAME -connect $IP:443 2>/dev/null </dev/null | openssl x509 -noout -enddate | cut -d "=" -f 2)
+  expiry_epoch=$(date -d "$expiry_date" +%s)
+  if [[ $(($expiry_epoch - $now_epoch)) -le 0 ]]; then return 0; fi  # return statement sets the $? variable
+}
+
+cert_check_expired "www.fatalhalt.net"
+echo $?
author	Kyle K <kylek389@gmail.com>	2019-03-16 22:46:38 +0000
committer	Kyle K <kylek389@gmail.com>	2019-03-16 22:46:38 +0000
commit	dbab0a76bd9c1bd1c44315b74b08c16447bde9cd (patch)
tree	9e9a3dcae9619e5205a0025ff44f7084b47cdad6
parent	9f349bc53b85ecdb8482c5c0cb7671d22426d74a (diff)
download	scripts-master.tar.gz scripts-master.tar.bz2 scripts-master.zip