Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
executable file 52 lines (44 sloc) 1.62 KB
# Check Mac OS X Server Certificate Expiry
# by Jedda Wignall
# v1.1 - 17 Sep 2012
# Fixed script to throw proper critical error if a cert cannot be loaded by openssl.
# v1.0 - 20 Mar 2012
# Initial release.
# This script checks the expiry dates of all certificates in the /etc/certificates directory, and returns a warning if needed based on your defined number of days.
# Takes 1 argument - the minimum number of days between today and cert expiry to throw a warning:
# 7
# Warns if a certificate is set to expire in the next 7 days.
currentDate=`date "+%s"`
for c in $CERTS
fileType=`echo $c | awk -F . '{print $(NF-1)}'`
if [ $fileType == 'cert' ]; then
# read the dates on each certificate
certDates=`openssl x509 -noout -in "$c" -dates 2>/dev/null`
if [ -z "$certDates" ]; then
# this cert could not be read.
printf "CRITICAL - $c could not be loaded by openssl\n"
exit 2
notAfter=`echo $certDates | awk -F notAfter= '{print $NF}'`
expiryDate=$(date -j -f "%b %e %T %Y %Z" "$notAfter" "+%s")
diff=$(( $expiryDate - $currentDate ))
warnSeconds=$(($1 * 86400))
if [ "$diff" -lt "0" ]; then
# this cert is has already expired! return critical status.
printf "CRITICAL - $c has expired!\n"
exit 2
elif [ "$diff" -lt "$warnSeconds" ]; then
# this cert is expiring within the warning threshold. return warning status.
printf "WARNING - $c will expire within the next $1 days.\n"
exit 1
# all certificates passed testing. return OK status.
printf "OK - Certificates are valid.\n"
exit 0