source: trunk/server/fedora/config/etc/pki/tls/certs/check.pl @ 1214

Last change on this file since 1214 was 1171, checked in by quentin, 15 years ago
Script for checking certificate expiration times
  • Property svn:executable set to *
File size: 742 bytes
Line 
1#!/usr/bin/perl
2
3use File::Basename;
4use Date::Parse;
5
6my $dir = basename($0);
7chdir $dir;
8
9my $now = time();
10
11our $verbose = 0;
12$verbose = 1 if ($ARGV[0] eq "-v");
13
14use constant WARNING => 60*60*24*14; # Warn if a cert is expiring within 14 days
15
16foreach my $cert (glob "*.pem") {
17  open(X509, "-|", qw(openssl x509 -in), $cert, qw(-enddate -noout)) or die "Couldn't invoke openssl x509: $!";
18  chomp(my $exp = <X509>);
19  close(X509);
20  $exp =~ s/^notAfter=// or warn "Cert appears broken: $cert";
21
22  my $time = str2time($exp);
23
24  if ($verbose || ($time - $now) <= WARNING) {
25    printf "Certificate expiring in %.2f days: %s for ", (($time - $now) / (60.0*60*24)), $cert;
26    system(qw(openssl x509 -in), $cert, qw(-subject -noout));
27  }
28}
Note: See TracBrowser for help on using the repository browser.