Last change
on this file since 2630 was
2545,
checked in by andersk, 11 years ago
|
Test all certificates for expiration, including intermediates
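#!/usr/bin/perl

# Report certificates stored next to this script that are close to expiry.
#
# Every *.pem file in the script's directory is read, and each certificate
# block found in it (leaf and intermediates alike) is passed to
# `openssl x509` to obtain its notAfter date.  One line is printed for every
# certificate that expires within WARNING seconds, or for every certificate
# when --verbose/-v is given.
#
# NOTE(review): `openssl` is resolved through PATH.  If this runs from cron
# or with elevated privileges, confirm that PATH only contains trusted
# directories.

use strict;
use warnings;
use autodie;
use Date::Parse;
use File::Basename;
use Getopt::Long qw(:config bundling);
use IPC::Open2;

# Work from the script's own directory so the glob below finds the
# certificates regardless of the caller's working directory.
chdir dirname($0);

my $now = time();

GetOptions(
    "verbose|v" => \my $verbose,
) or exit 2;

use constant WARNING => 60*60*24*14; # Warn if a cert is expiring within 14 days

foreach my $cert (glob "*.pem") {
    # Lexical handles instead of the global barewords CERT/IN/X509; autodie
    # makes open/close throw on failure.
    open(my $cert_fh, "<", $cert);
    my $ins = do {local $/; <$cert_fh>};
    close($cert_fh);

    # Accept CRLF line endings and a final END line without a trailing
    # newline.  A stricter pattern would skip such a certificate silently,
    # and its expiry would never be checked.
    my @blocks = $ins =~ /^-----BEGIN CERTIFICATE-----\r?\n.*?^-----END CERTIFICATE-----(?:\r?\n|\z)/msg;

    # A file that yields no certificate is not monitored at all; say so when
    # the operator asked for detail.
    if ($verbose and not @blocks) {
        warn "No certificate found in: $cert";
    }

    for my $in (@blocks) {
        # Make sure the block handed to openssl is newline-terminated.
        $in .= "\n" unless $in =~ /\n\z/;

        # Ask openssl for the expiry date of this one certificate.
        my $pid = open2(my $x509_out, my $x509_in, qw(openssl x509 -enddate -noout));
        print {$x509_in} $in;
        close($x509_in);
        my $out = do {local $/; <$x509_out>};
        close($x509_out);
        waitpid($pid, 0);    # reap the child so it does not linger as a zombie

        my $exp;
        unless (defined $out and ($exp) = $out =~ /^notAfter=(.*)$/m) {
            warn "Cert appears broken: $cert";
            next;
        }

        # str2time returns undef for a date it cannot parse.  Without this
        # guard the subtraction below would treat undef as 0 and report a
        # bogus, hugely negative number of days.
        my $time = str2time($exp);
        unless (defined $time) {
            warn "Cannot parse expiration date '$exp' for cert: $cert";
            next;
        }

        my $remaining = $time - $now;
        if ($verbose || $remaining <= WARNING) {
            printf "Certificate expiring in %.2f days: %s for ", ($remaining / (60.0*60*24)), $cert;
            # openssl writes the subject straight to our STDOUT, completing
            # the line started by printf above.
            open(my $subject_in, '|-', qw(openssl x509 -subject -noout));
            print {$subject_in} $in;
            close($subject_in);
        }
    }
}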
---|