alert/email notification when a SSL certificate expires

Hi Mohammed,

In the thread the value 2629743 denotes 30 days, so this script when executed will give you the list of certs expiring within 30 days.

So if you need something within a week, you need to change the value.

Here's a simple script to fulfill your needs, this by default takes 30days, but if you need a specific interval, you can specify it while executing.

Script:

!/bin/bash
 set number of days to warn
remainingdays=$1
if [ -z ${remainingdays} ]
then
   remainingdays=30
fi

remainingseconds=$((${remainingdays} * 86400))

 get current date
currdate=`date +%s`

 set warning time period
warningtime=$((${currdate} + ${remainingseconds}))

 verify cert expiration within warning time period
for cert in /config/filestore/files_d/Common_d/certificate_d/*.crt*
do
    expirationtime=`openssl x509 -enddate -in $cert | awk -F '=' '{print $2}' | xargs -I{} date -d {} +%s`
    if [ "${expirationtime}" -lt "${warningtime}" ]
    then
        certname=`echo "$cert" | sed -r 's/config/filestore/files_d/Common_d/certificate_d/:Common:g'`
        expirydate=`openssl x509 -enddate -in $cert | awk -F '=' '{print $2}' | xargs -I{} date -d {} +%Y/%m/%d`
        echo "$certname,$expirydate"
    fi
done

How to use:

First copy the above code and save it in a file,

vi /var/tmp/ssl-script

Running the script

bash /var/tmp/ssl-script

The output will be seen in the console. But this will result all the certs expiring in next 30 days.

Running the script with a particular interval, ex: 7 days,

bash /var/tmp/ssl-script 7

The output will be seen in the console. But this will result all the certs expiring in next 7 days.

The output will be something like below,

Test_6days.com.crt_39416_1,2018/11/15
Test_7days.com.crt_39436_1,2018/11/16

You can also export in this in csv format too. And open in an excel file.