-
Notifications
You must be signed in to change notification settings - Fork 0
/
cert-check.sh
executable file
·47 lines (38 loc) · 1.19 KB
/
cert-check.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
#!/bin/bash
##### Check domain name Certificate expiration date
### v0.1 - POC
# VARS
_CERTCHECKDOMAIN=""
# FUNCTIONS
_SCRIPTUSAGE(){ echo -e "Usage:\n$(basename $0) -d your.domain.com\n$(basename $0) your.domain.com\n"; }
while (( "$#" )); do
case "$1" in
-d|--domain)
if [ -n "$2" ] && [ ${2:0:1} != "-" ]; then
_CERTCHECKDOMAIN="$2"
shift 2
fi
;;
-h|--help)
_SCRIPTUSAGE
exit 3
;;
*) _CERTCHECKDOMAIN="${1}"; shift ;;
esac
done
if [ -z "$_CERTCHECKDOMAIN" ]; then
echo "Domain not set. Please Enter a domain to test certificate:"
read -p "# Domain = " _CERTCHECKDOMAIN
fi
_ENDDATE=$(echo | openssl s_client -connect "$_CERTCHECKDOMAIN":443 2>/dev/null | openssl x509 -noout -enddate | awk -F'=' '/=/ {print $2}')
# MAIN
if [ "$(date +'%s')" -gt "$(date -d "$_ENDDATE" +'%s')" ]; then
echo "CRITICAL - Certificate for '$_CERTCHECKDOMAIN' is outdated [End: $_ENDDATE]"
exit 2
elif [ "$(date +'%s')" -ge "$(date -d "$_ENDDATE -10days" +'%s')" ]; then
echo "WARNING - Certificate for '$_CERTCHECKDOMAIN' needs Renewal [End: $_ENDDATE]"
exit 1
else
echo "OK - Certificate for '$_CERTCHECKDOMAIN' does not need renewal [End: $_ENDDATE]"
exit 0
fi