From dbab0a76bd9c1bd1c44315b74b08c16447bde9cd Mon Sep 17 00:00:00 2001
From: Kyle K <kylek389@gmail.com>
Date: Sat, 16 Mar 2019 22:46:38 +0000
Subject: openssl bash script to check if cert is expired

---
 expiry-cert.sh | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100755 expiry-cert.sh

diff --git a/expiry-cert.sh b/expiry-cert.sh
new file mode 100755
index 0000000..ac7f52b
--- /dev/null
+++ b/expiry-cert.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# 1st argument should be fqdm
+# returns 0 if certificate is expired
+function cert_check_expired() {
+  SERVERNAME=$1; shift  # for SNI stuff
+  IP=$(dig +noall +answer +short $SERVERNAME)
+  now_epoch=$(date +%s)
+
+  expiry_date=$(echo | openssl s_client -servername $SERVERNAME -connect $IP:443 2>/dev/null </dev/null | openssl x509 -noout -enddate | cut -d "=" -f 2)
+  expiry_epoch=$(date -d "$expiry_date" +%s)
+  if [[ $(($expiry_epoch - $now_epoch)) -le 0 ]]; then return 0; fi  # return statement sets the $? variable
+}
+
+cert_check_expired "www.fatalhalt.net"
+echo $?
-- 
cgit v1.2.3