Forum Discussion

Nimbostratus

Feb 18, 2015

Check bundle certificate expiration date

Hi, As many of you, I have to create a script to check the expiration date of our certificates (excepting the ones used for our webservers for which the CA send us an alarm). Using OpenSSL I can...

MVP

Mar 26, 2015

Hi MickeyM,

here is a solution which is splitting the original bundle (stored in /var/tmp/ca-bundle.crt for the example) as well into multiple files and runs the openssl verification:

awk '/-+BEGIN CERTIFICATE-+/,/-+END CERTIFICATE-+/ {print}' /var/tmp/ca-bundle.crt | \
awk '/-+BEGIN CERTIFICATE-+/ {file="cafile_"++i;} {print > "/var/tmp/"file".tmp";}'

for cert in /var/tmp/cafile_*.tmp; do openssl x509 -noout -subject -enddate -in $cert; done

rm -f /var/tmp/cafile_*.tmp

Temp files were stored as /var/tmp/cafile_.tmp and need to be deleted after test.

Thanks, Stephan

PS: Kudos go to the guys at "theunixschool" for some pretty helpful awk-examples.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Check bundle certificate expiration date

Recent Discussions

Connecting to Big-IP LTM via RSA

"Chassis fan unknown status." logs on a virtual F5 device.

Do Active and Standby L4 Devices Both Send RST on TCP Health Check Failure?

3rd party SFP

iRule to Force Source IP to Specific Backend Node

Related Content

LTM Certificate expire

Certificate Bundle Timestamp Query

Creating, Importing and Assigning a CA Certificate Bundle

CheckMk F5 Certificate Expiration using SNMP

Automating ACMEv2 Certificate Management on BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS