source: trunk/server/fedora/config/etc/pki/tls/certs/check.pl @ 2792

Last change on this file since 2792 was 2545, checked in by andersk, 10 years ago
Test all certificates for expiration, including intermediates
  • Property svn:executable set to *
File size: 1.1 KB
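#!/usr/bin/perl

# Report X.509 certificates stored next to this script that are close to
# expiry. Every *.pem file in the script's directory is scanned and each
# certificate block in it (leaf and intermediates alike) is handed to
# `openssl x509` to read its notAfter date.
#
# Usage: check.pl [-v|--verbose]
#   -v  report every certificate, not only those inside the warning window

use strict;
use warnings;
use autodie;
use Date::Parse;
use File::Basename;
use Getopt::Long qw(:config bundling);
use IPC::Open2;

# Work from the script's own directory so the relative glob below finds the
# certificates regardless of the caller's working directory.
chdir dirname($0);

my $now = time();

GetOptions(
  "verbose|v" => \my $verbose,
) or exit 2;

use constant WARNING => 60*60*24*14; # Warn if a cert is expiring within 14 days
use constant DAY     => 60*60*24;    # Seconds per day, for the report

foreach my $cert (glob "*.pem") {
  # autodie turns a failed open/close into an exception, so no "or die" here.
  open(my $cert_fh, "<", $cert);
  my $ins = do {local $/; <$cert_fh>};
  close($cert_fh);

  # Accept CRLF line endings and a final block without a trailing newline;
  # otherwise such certificates would silently escape the expiry check.
  my @blocks = $ins =~ /^-----BEGIN CERTIFICATE-----\r?\n.*?^-----END CERTIFICATE-----\r?(?:\n|\z)/msg;

  # A file that yields no certificate is not checked at all; say so when asked
  # for detail, so that a mangled file is not mistaken for a healthy one.
  warn "No certificate found in: $cert" if $verbose and not @blocks;

  for my $in (@blocks) {
    $in .= "\n" unless $in =~ /\n\z/;

    # Ask openssl for the expiry date: the child's stdin gets the PEM block,
    # its stdout returns "notAfter=<date>".
    my $pid = open2(my $x509_out, my $x509_in, qw(openssl x509 -enddate -noout));
    print $x509_in $in;
    close($x509_in);
    my $out = do {local $/; <$x509_out>};
    close($x509_out);
    waitpid($pid, 0);
    my $status = $?;

    my $exp;
    unless ($status == 0 and defined $out and ($exp) = $out =~ /^notAfter=(.*)$/m) {
      warn "Cert appears broken: $cert";
      next;
    }

    # str2time returns undef for a date it cannot parse; without this guard
    # the arithmetic below would run on undef and report a bogus day count.
    my $time = str2time($exp);
    unless (defined $time) {
      warn "Cannot parse expiry date '$exp': $cert";
      next;
    }

    my $remaining = $time - $now; # negative once the certificate has expired

    if ($verbose || $remaining <= WARNING) {
      printf "Certificate expiring in %.2f days: %s for ", ($remaining / DAY), $cert;
      # openssl writes the subject straight to our stdout, which completes the
      # line started by the printf above.
      open(my $subject_in, '|-', qw(openssl x509 -subject -noout));
      print $subject_in $in;
      close($subject_in);
    }
  }
}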