Patrick Heim wrote: > Does anoyne know of a tool or a way to script OpenSSL to: > > 1. Connect to an SSL enabled server > 2. Retrieve the server certificate > 3. Parse it for the certificate expiration date
Well, you can use "openssl s_client" to connect to the server: openssl s_client -connect www.servername.de:port -showcerts >From the output you can extract the server certificate (choosing the certificate which has the according common name ( s:/C=[whatever]/CN=www.servername.de This certificate you can put into a file and run openssl x509 on it: openssl x509 -noout -in bbbb.pem -enddate The output is like this: notAfter=Sep 24 09:35:00 2004 GMT That's what you want, I guess... So a little bit of perl calling openssl twice (once with s_client, once with x509) and parsing the output should be sufficient. Cheers, Olaf -- Dipl.Inform. Olaf Gellert PRESECURE (R) Consultant, Consulting GmbH Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED] A daily view on Internet Attacks https://www.ecsirt.net/sensornet ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]