source: trunk/locker/sbin/check-ldap-certs.pl @ 1569

Last change on this file since 1569 was 1569, checked in by adehnert, 12 years ago
Add script to check LDAP cert expiration
  • Property svn:executable set to *
File size: 792 bytes
Line 
1#!/usr/bin/perl
2
3use strict;
4use File::Basename;
5use Date::Parse;
6
7my @servers = qw(cats-whiskers.mit.edu pancake-bunny.mit.edu real-mccoy.mit.edu busy-beaver.mit.edu bees-knees.mit.edu);
8
9my $now = time();
10
11my $dir = dirname($0);
12
13our $verbose = 0;
14$verbose = 1 if ($ARGV[0] eq "-v");
15
16use constant WARNING => 60*60*24*14; # Warn if a cert is expiring within 14 days
17
18foreach my $server (@servers) {
19  open(X509, "-|", "$dir/ssl-get-endtime", "$server:636") or die "Couldn't invoke ssl-get-endtime: $!";
20  chomp(my $exp = <X509>);
21  close(X509);
22  $exp =~ s/^notAfter=// or warn "Cert appears broken: $server";
23
24  my $time = str2time($exp);
25
26  if ($verbose || ($time - $now) <= WARNING) {
27    printf "Certificate expiring in %.2f days: %s\n", (($time - $now) / (60.0*60*24)), $server;
28  }
29}
Note: See TracBrowser for help on using the repository browser.