Monday, July 7, 2025

Certificate Expiration Page

I have wanted to check the expiration dates of the certificates on all servers. I created this bash script and saved it in the same location as the PHP page below.

#!/bin/bash
currdate=$(date +%s)
printf '%-60s %-29s %15s\n' "Hostname" "Cert. Exp. Date" "Days Remaining"
declare -a StringArray=("aaa" "host1" "host2" "host3" "www")
for val in "${StringArray[@]}"; do
  # Fetch the certificate, keep its notAfter date, and convert it to whole days remaining
  cert=$(echo | openssl s_client -connect "$val.yourdomain.com:443" -servername "$val.yourdomain.com" 2>/dev/null | openssl x509 -noout -dates | tail -n 1 | cut -d "=" -f 2) && moredays=$(date -d "$cert" +%s)/86400-$currdate/86400 && printf '%-60s %-30s %15s\n' "$val.yourdomain.com" "$cert" "$((moredays)) day(s) remaining"
done
# This section is for servers without the default SSL/TLS port of 443 or IP addresses
cert=$(echo | openssl s_client -connect admanager.yourdomain.com:8444 -servername admanager.yourdomain.com 2>/dev/null | openssl x509 -noout -dates | tail -n 1 | cut -d "=" -f 2) && moredays=$(date -d "$cert" +%s)/86400-$currdate/86400 && printf '%-60s %-30s %15s\n' "adaudit.yourdomain.com" "$cert" "$((moredays)) day(s) remaining"
cert=$(echo | openssl s_client -connect admanager.yourdomain.com:8443 -servername admanager.yourdomain.com 2>/dev/null | openssl x509 -noout -dates | tail -n 1 | cut -d "=" -f 2) && moredays=$(date -d "$cert" +%s)/86400-$currdate/86400 && printf '%-60s %-30s %15s\n' "admanager.yourdomain.com" "$cert" "$((moredays)) day(s) remaining"
cert=$(echo | openssl s_client -connect server1.yourdomain.com:15443 -servername server1.yourdomain.com 2>/dev/null | openssl x509 -noout -dates | tail -n 1 | cut -d "=" -f 2) && moredays=$(date -d "$cert" +%s)/86400-$currdate/86400 && printf '%-60s %-30s %15s\n' "server1.yourdomain.com" "$cert" "$((moredays)) day(s) remaining"
cert=$(echo | openssl s_client -connect unifi.yourdomain.com:8443 -servername unifi.yourdomain.com 2>/dev/null | openssl x509 -noout -dates | tail -n 1 | cut -d "=" -f 2) && moredays=$(date -d "$cert" +%s)/86400-$currdate/86400 && printf '%-60s %-30s %15s\n' "unifi.yourdomain.com" "$cert" "$((moredays)) day(s) remaining"
cert=$(echo | openssl s_client -connect unifi-guest.yourdomain.com:8443 -servername unifi-guest.yourdomain.com 2>/dev/null | openssl x509 -noout -dates | tail -n 1 | cut -d "=" -f 2) && moredays=$(date -d "$cert" +%s)/86400-$currdate/86400 && printf '%-60s %-30s %15s\n' "unifi-guest.yourdomain.com" "$cert" "$((moredays)) day(s) remaining"
cert=$(echo | openssl s_client -connect 1.2.3.4:443 -servername 1.2.3.4 2>/dev/null | openssl x509 -noout -dates | tail -n 1 | cut -d "=" -f 2) && moredays=$(date -d "$cert" +%s)/86400-$currdate/86400 && printf '%-60s %-30s %15s\n' "server2.yourdomain.com" "$cert" "$((moredays)) day(s) remaining"
cert=$(echo | openssl s_client -connect 5.6.7.8:443 -servername 5.6.7.8 2>/dev/null | openssl x509 -noout -dates | tail -n 1 | cut -d "=" -f 2) && moredays=$(date -d "$cert" +%s)/86400-$currdate/86400 && printf '%-60s %-30s %15s\n' "server3.yourdomain.com" "$cert" "$((moredays)) day(s) remaining"

The output was similar to this:

Hostname                                                     Cert. Exp. Date                Days Remaining
www.microsoft.com                                            Aug 21 16:01:06 2025 GMT       45 day(s) remaining
www.amazon.com                                               Jun 29 23:59:59 2026 GMT       357 day(s) remaining

In case you only want to check the certificate on one host, the following script can be used.

#!/bin/bash
read -p "Enter Fully Qualified Domain Name (FQDN) (i.e.: www.yourdomain.com): " hostcheck
read -p "Enter port number to check or hit Enter for default port of 443: " portnum
portnum="${portnum:-443}"
printf '%-60s %-29s %15s\n' "Hostname" "Cert. Exp. Date" "Days Remaining"
# Send the entered host name as the SNI name and quote the user input
cert=$(echo | openssl s_client -connect "$hostcheck:$portnum" -servername "$hostcheck" 2>/dev/null | openssl x509 -noout -dates | tail -n 1 | cut -d "=" -f 2) && moredays=$(date -d "$cert" +%s)/86400-$(date +%s)/86400 && printf '%-60s %-30s %15s\n' "$hostcheck" "$cert" "$((moredays)) day(s) remaining"
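
Both scripts above still print a row when no certificate was retrieved, because cut exits successfully on empty input and GNU date accepts an empty string. The following is an added example, not part of the original scripts, that turns the notAfter string into an explicit status; the function names, the fixed "now" value and the 60-day threshold are assumptions made for the illustration, and it relies on GNU date as the scripts above do.

```shell
#!/bin/bash
# Added example: classify a certificate by its notAfter string and report an
# explicit ERROR when no certificate was retrieved.

# Hypothetical helper: print the notAfter value for host:port, or nothing on failure.
fetch_not_after() {
  local host="$1" port="${2:-443}"
  echo | openssl s_client -connect "$host:$port" -servername "$host" 2>/dev/null |
    openssl x509 -noout -enddate 2>/dev/null | cut -d "=" -f 2
}

# cert_status NOT_AFTER NOW_EPOCH [WARN_DAYS] -> prints "STATUS DAYS"
cert_status() {
  local not_after="$1" now="$2" warn="${3:-30}" exp
  # An empty string must be rejected here: GNU `date -d ""` succeeds and
  # returns today's midnight, which would look like a real expiry date.
  if [ -z "$not_after" ] || ! exp=$(date -d "$not_after" +%s 2>/dev/null); then
    echo "ERROR -"
    return 1
  fi
  local days=$(( (exp - now) / 86400 ))
  if   [ "$exp" -le "$now" ];   then echo "EXPIRED $days"
  elif [ "$days" -le "$warn" ]; then echo "WARN $days"
  else                               echo "OK $days"
  fi
}

# Constructed sample input: "now" is fixed at 2025-07-07 00:00:00 UTC, the two
# dates are taken from the sample output above, and the last row is a failed lookup.
demo() {
  local now=1751846400 row host not_after
  for row in "www.microsoft.com|Aug 21 16:01:06 2025 GMT" \
             "www.amazon.com|Jun 29 23:59:59 2026 GMT" \
             "unreachable.example|"; do
    host=${row%%|*}; not_after=${row#*|}
    printf '%-25s %-26s %s\n' "$host" "$not_after" "$(cert_status "$not_after" "$now" 60)"
  done
}
demo
```

For live checks, pass "$(fetch_not_after host port)" and "$(date +%s)" to cert_status in place of the constructed values.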

Finally, display it via a PHP page with this code:

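<?php
  // header() must run before any HTML is sent, so set the refresh first
  $URL1=$_SERVER['REQUEST_URI'];
  header("Refresh: 900; URL=$URL1");
  // The script path is a fixed string; no request data reaches the shell
  $Output = shell_exec('/var/cache/www/html/Certs.sh');
?>
<head>
  <title>Certs Check</title>
  <link rel="icon" type="image/ico" href="Company.ico">
</head>
<?php
  // Escape the script output before embedding it in the page
  echo "<pre>" . htmlspecialchars((string) $Output) . "</pre>";
?>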

Change /var/cache/www/html/Certs.sh to the path and name of your shell script.

Feel free to comment if you have a suggestion to make it simpler.

Regards,

F. Bobbio C.

 
