Forum Discussion
Kevin_Stewart
Oct 24, 2013Employee
Do I need to change " output=tmsh list / sys crypto one-line |grep "sys crypto cert" "? If I using firmware 10.2.4.
The code is actually easier in 10.x because the certs are still stored in the directory.
! /bin/bash
set acceptable threshold in seconds (172800 seconds = 2 days)
threshold=185920000
get today's date
this_date=`date +%s`
set path to certificates
cert_path=/config/ssl/ssl.crt/
for f in $cert_path*.crt
do
this_cert_date_literal=`openssl x509 -in $f -noout -enddate |sed s/notAfter=//`
this_cert_date=`date -d "$this_cert_date_literal" +%s`
if [ $this_date -ge $(($this_cert_date - $threshold)) ]
then
expires_when=$(((this_cert_date - $this_date) / 60 / 60 / 24))
echo "$f is about to expire in $expires_when days"
additional processing for expiring certs goes here
fi
done