Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ######################################################
- # List certificates, find if a cert is expired.
- # Requirements for sending emails: postfix, mailutils
- #
- # 15-12-2015
- # Julian Capilla
- # lyhan_jr@hotmail.com
- ######################################################
- #!/bin/bash
- pass="changeit"
- cacerts="$1"
- alias="$2"
- to="$3"
- if [ ! "$cacerts" ];then echo "Please enter cacerts file path" && exit;fi
- if [ "$alias" = "--help" ] || [ "$cacerts" = "--help" ];then
- echo "Read cacert file and print expiration time of certificates"
- echo ""
- echo "$(basename $0) {cacerts file} {alias | option} {optional email}"
- echo "Example: $(basename $0) cacerts alias test@email.com,test2@email.com"
- echo "Options:"
- echo -e "\t-P\t\tPrints all aliases in cacerts file."
- echo -e "\t--all\t\tCheck all the certificates."
- echo -e "\t--help\t\tPrint this help."
- echo ""
- exit 0
- fi
- if [ ! "$alias" ];then echo "Please enter alias or valid option" && exit;fi
- if [ ! -f $cacerts ];then echo "$cacerts is not a valid file." && exit 1;fi
- if [ "$2" = "-P" ]
- then
- # List aliases
- keytool -list -keystore $cacerts -storepass $pass | grep -v Certificate | cut -d, -f 1 -
- elif [ "$2" = "--all" ];then
- for a in $(./"$0" $cacerts -P);do
- out="$(./"$0" $cacerts "$a" $to | egrep 'Valid|Expired')"
- if [ "$out" ];then echo -e $out"\t[$a]";fi
- done
- else
- # Check dates
- output="$(keytool -list -v -alias $2 -keystore $cacerts -storepass $pass | grep Valid)"
- if [ ! "$output" ];then echo "Certificate alias not found." && exit 0;fi
- from="$(echo $output | awk -F'from:' '{print $2$3}'| cut -c -30)"
- until="$(echo $output | awk -F'until:' '{print $2$3}'| cut -c -30)"
- # Check if email and send email if cert is about to expire in less than 30 days
- if [ $to ];then
- edate="$(date --date="$until" "+%Y%m%d")"
- ndate="$(date "+%Y%m%d")"
- time="$(echo $edate - $ndate | bc)"
- if [ $time -lt 30 ];then echo "Please renew certificate in '$cacerts'. Certificate '$alias' expires $until" | mail -s "Certificate about to expire in $(hostname)" $to ;fi
- fi
- if [ $(date +%Y%m%d) -lt $(date --date="$until" "+%Y%m%d") ];then echo "Valid until: $until";else echo Expired: $until;fi
- fi
Add Comment
Please, Sign In to add comment