On 30/08/2023 04:31, Vernon Everett wrote:
3. I have a few certs local to my client that I need to keep an eye on too. But these are used by applications, and are not related to a web page, so effectively I need to to keep tabs on /foo/bar/cert
Here's our perl script for doing this, though it uses a local "SuperHobbit" perl module which manages loading config files so it's not a case of just copy-pasting:
https://gitlab.developers.cam.ac.uk/-/snippets/238
As others have said, all that the script really does is run:
openssl x509 -in MY_CERTIFICATE.pem -noout -enddate
which'll output a single line like:
notAfter=Jul 4 23:59:59 2024 GMT
which is then parsed by perl's str2time() (other date parsing options exist, of course. Thanks to Ralph for pointing out the -dateopt option which I didn't know about, though unfortunately that's not available in the version of openssl as provided by Ubuntu 20.04)
I looked quickly at reimplementing this in python using the standard python 'crytography' package, but that started to open up cans of worms around version dependencies and how we could make a suitable version of the package available, so I've mentally stalled that idea for now.
Adam