On Mon, Jul 16, 2007 at 07:14:38PM +0200, Jan-Frode Myklebust wrote:
> On 2007-07-16, Owen Crow <[EMAIL PROTECTED]> wrote:
> >
> > It seems like this can be done with the openssl command line, but I
> > can only get certificate date information _after_ the certificate
> > expires. If anyone knows how to extract an SSL certificate's
> > expiration date remotely, I'd be happy to convert that into a monitor
> > script.
> >
>
> Thanks for the offer, I could use something like that :-)
>
> $ echo "" | openssl s_client -connect mail.altibox.no:443 2>/dev/null | sed
> -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' |openssl x509 -text|grep
> "Not After :"
No need to parse out the certificate with sed - as implied in my previous
message, openssl seems to be able to ignore the non-certificate portions
of the file:
openssl s_client -connect www.example.com:443 2>/dev/null </dev/null |
openssl x509 -noout -enddate
But if I was scripting this, I would call the two openssl commands
separately and save the output to a file, so that I could detect failures
more reliably...
_______________________________________________
mon mailing list
[email protected]
http://linux.kernel.org/mailman/listinfo/mon
