I thought it would be handy to know about expired certificates or
any certificates that may expire next month, or worse, have a problem
being read by openssl.
----8<----8<----8<----8<--cut below this line --8<----8<----8<----8<----8< #!/bin/bash #********************************************************************
#*
#* ch_4_expired_certs - Check for expired certificates or
#* certificates that will expire next month
#* or certs that were not readable by openssl
#*
#* Usually called from cron monthly.
#*
#* This is free software released to public domain.
#* Do with it whatever you want.
#*
#********************************************************************

_exe=$0
set -u # Show usage of unset variables as an error to help catch typos.


_after=""
declare -i _after_yyyymmdd=0
_cert=""
_fault_count=0
_msg=""
declare -i _next_mm=$(date --date="today + 1 month" +%Y%m%d)
declare -i _today=$(date --date="today" +%Y%m%d)

while read -r _cert ; do
_after=$(openssl x509 -in $_cert -noout -enddate 2> /dev/null)
if [ $? -eq 0 ] ; then
set -- $(IFS='= ' ; echo $_after)
_after_yyyymmdd=$(date --date="${3}-${2}-${5}" +%Y%m%d)

_msg=""
if [ $_after_yyyymmdd -lt $_next_mm ] ; then
_msg="expires $_after_yyyymmdd Warning."
_fault_flag=1
fi

if [ $_after_yyyymmdd -lt $_today ] ; then
_msg="expired $_after_yyyymmdd Error."
_fault_flag=1
fi

if [ -n "${_msg:-""}" ] ; then
echo "$_cert $_msg"
_fault_flag=1
fi
else
echo "Error reading $_cert"
_fault_flag=1
fi # end if [ $? -eq 0 ]
done < <(locate \.pem | grep -vE "/private/|/doc/|key\.")

if [ $_fault_flag -ne 0 ] ; then
cat /etc/release
echo "
Above is from $(hostname) $_exe
"
exit 1
fi

#************ end /local/bin/ch_4_expired_certs ********************

--- MBSE BBS v1.0.7.17 (GNU/Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)