Many people have asked how to easily find out when their certificates expire. Here is a little script I cooked up to automate that task. Code: root@script:~# cat /root/bin/check-cert-akvaariotukku.fi.sh #!/bin/bash clear echo "SERVER CERTIFICATE EXPIRATION DATES:" echo "------------------------------------" server=erp.akvaariotukku.fi echo "" echo -e "\e[1;34mserver = ${server}\e[0m" echo "" echo "" echo "#### WWW port (client2server) ####" echo "------------------------------------" echo " SSL certificate on port 443" echo |openssl s_client -showcerts -connect $server:443 2>/dev/null | openssl x509 -dates | grep After | sed 's/notAfter=/ Expires = /' echo "" echo "" echo "#### SMTP ports (server2server) ####" echo "------------------------------------" echo " TLS certificate on port 25" echo |openssl s_client -showcerts -connect $server:25 2>/dev/null -starttls smtp | openssl x509 -dates | grep After | sed 's/notAfter=/ Expires = /' echo "" echo " SSL certificate on port 465" echo |openssl s_client -showcerts -connect $server:465 2>/dev/null | openssl x509 -dates | grep After | sed 's/notAfter=/ Expires = /' echo "" echo " TLS certificate on port 587" echo |openssl s_client -showcerts -connect $server:587 2>/dev/null -starttls smtp | openssl x509 -dates | grep After | sed 's/notAfter=/ Expires = /' echo "" echo "" echo "#### IMAP ports (client2server) ####" echo "------------------------------------" echo " SSL certificate on port 143" echo |openssl s_client -showcerts -connect $server:143 2>/dev/null -starttls imap | openssl x509 -dates | grep After | sed 's/notAfter=/ Expires = /' echo "" echo " SSL certificate on port 993" echo |openssl s_client -showcerts -connect $server:993 2>/dev/null | openssl x509 -dates | grep After | sed 's/notAfter=/ Expires = /' echo "" echo "" chmod +x /root/bin/check-cert-akvaariotukku.fi.sh Run that and it should give you clear answer. Something like this... Code: SERVER CERTIFICATE EXPIRATION DATES: ------------------------------------ server = erp.akvaariotukku.fi #### WWW port (client2server) #### ------------------------------------ SSL certificate on port 443 Expires = Dec 11 20:43:59 2023 GMT #### SMTP ports (server2server) #### ------------------------------------ TLS certificate on port 25 Expires = Dec 11 20:43:59 2023 GMT SSL certificate on port 465 Expires = Dec 11 20:43:59 2023 GMT TLS certificate on port 587 Expires = Dec 11 20:43:59 2023 GMT #### IMAP ports (client2server) #### ------------------------------------ SSL certificate on port 143 Expires = Dec 11 20:43:59 2023 GMT SSL certificate on port 993 Expires = Dec 11 20:43:59 2023 GMT You can run these from your linux/mac workstations or if you collect these scripts on your server, You can run these scripts from your workstation with SSH like this: Code: ssh [email protected] -t /root/bin/check-cert-akvaariotukku.fi.sh
PS. You can easily adapt this script to handle LDAP, MySQL and other SSL certificate queries. Just change the port and adjust the query.
