-
Notifications
You must be signed in to change notification settings - Fork 7
/
check_ssl_cert_expiry
77 lines (67 loc) · 1.83 KB
/
check_ssl_cert_expiry
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
#!/bin/bash
## Author: Sharad Kumar Chhetri
## Creation Date : 10-Dec-2014
## Description : Send Warning/Critical alert before expiry date of SSL Certificate.
## Version : 1.0
##
## Usage example: /check_ssl_cert_expiry -h www.google.co.in -w 90 -c 60
## -w = integer number (Warning days)
## -c = integer number (Critical days)
#
# Requirement : bc command should be available in system.
#
_HOST=""
_WARNEXPIRYDAYS=""
_CRITEXPIRYDAYS=""
while getopts "h:w:c:" opt
do
case $opt in
h ) _HOST=$OPTARG;;
w ) _WARNEXPIRYDAYS=$OPTARG;;
c ) _CRITEXPIRYDAYS=$OPTARG;;
esac
done
if [ ! "$_HOST" ]
then
printf "ERROR - Either give Hostname in syntax as www.example.com or example.com with -h!\n"
exit 3
fi
if [ ! "$_WARNEXPIRYDAYS" ]
then
printf "ERROR - Add WARNING expiry in days with -w\n"
exit 3
fi
if [ ! "$_CRITEXPIRYDAYS" ]
then
printf "ERROR - Add CRITICAL expiry in days with -c\n"
exit 3
fi
EXPIRYDATE=`echo "QUIT" | openssl s_client -connect $_HOST:443 2>/dev/null | openssl x509 -noout -enddate 2>/dev/null|sed 's/notAfter=//g'`
#echo $EXPIRYDATE
EXPIRYDATE_epoch=$(date --date "$EXPIRYDATE" +%s)
CURRENT_DATE_epoch=`date +%s`
#echo $EXPIRYDATE_epoch
#echo $CURRENT_DATE_epoch
#echo $dayDiff
epochDiff=`echo "$EXPIRYDATE_epoch" - "$CURRENT_DATE_epoch"|bc`
#echo $epochDiff
### Get difference of days
dayDiff=`echo "$epochDiff"/86400|bc`
#echo $dayDiff
if [ "$dayDiff" -le "$_CRITEXPIRYDAYS" ]
then
echo "CRITICAL : $dayDiff days are left for SSL Certificate Expiration on Host $_HOST"
exit 2
else
if [ "$dayDiff" -le "$_WARNEXPIRYDAYS" ]
then
echo "WARNING : $dayDiff days are left for SSL Certificate Expiration on Host $_HOST"
exit 1
else
if [ "$dayDiff" -gt "$_WARNEXPIRYDAYS" ]
then
echo "OK: $dayDiff days are left for SSL Certificate Expiration on Host $_HOST"
exit 0
fi
fi
fi