Monitoring of SSL certificate expiration time [Archive]

View Full Version : Monitoring of SSL certificate expiration time

jpawlowski

15-05-2005, 16:44

I wrote this script for me :-)

#!/bin/sh
DATE="/bin/date"
OPENSSL="/usr/local/openssl/current/bin/openssl"
HOST=$1
PORT=$2

if [ "$HOST" == "" ]; then
exit
fi

if [ "$PORT" == "" ]; then
PORT="443"
fi

CMD=`echo "" | $OPENSSL s_client -connect $HOST:$PORT 2>/dev/null | $OPENSSL x509 -enddate -noout 2>/dev/null| sed 's/notAfter\=//'`

if [ "$CMD" != "" ]; then
EXPIRE_DATE=`$DATE -d "$CMD" +%s`
TIME=`$DATE +%s`
EXPIRE_TIME=`expr $EXPIRE_DATE - $TIME`
echo $EXPIRE_TIME
fi

It returns the time in seconds to the expiration.
(it does NOT check if the certificate is valid!)

dorgan

28-12-2005, 23:18

This is awsome!!!

pattieja

03-04-2006, 19:25

I implemented this script exactly as posted in ZABBIX 1.1beta8, and I cannot seem to get zabbix_agentd to return anything other than a string. Is there something special I need to do in order to make zabbix_agentd think the return value is an integer? I added a ".0" onto the end of the return value, but I'm still getting values like "[s|42510876.0]" when I check the value with 'zabbix_agentd -p'.