
Digital Certificate Expiration Utility - Linux / Unix Administration


  1. #1

    Digital Certificate Expiration Utility

    Howdy,

    Over the years, I have worked in numerous environments where an expired
    digital certificate led to system outages and user confusion. I decided
    to write a tool to deal with this issue, and describe its usage in this
    month's (September) issue of SysAdmin. The utility can be run to produce
    certificate expiration info for a single ssl-enabled service, or given a
    file with a list of domains:

    $ ./ssl-cert-check -s mail.daemons.net -p 443

    Host                   Status   Expires       Days Left
    mail.daemons.net:443   Valid    May 24 2005   282

    $ cat ssldomains
    mail.daemons.net 443
    www.blatch.com 443

    $ ./ssl-cert-check -b -f ssldomains

    Host                   Status   Expires       Days Left
    mail.daemons.net:443   Valid    May 24 2005   282
    www.blatch.com:443     Down     ?             ?

    There is email integration to remind you electronically when
    certificates are about to expire, and a quiet mode to allow easy
    integration with cron. ssl-cert-check is licensed under the GPL,
    and can be downloaded at:

    http://www.daemons.net/~matty/code/ssl-cert-check

    Please let me know if you run into problems or bugs.

    Thanks,
    - Ryan
    Matty Guest

  2. #2

    Re: Digital Certificate Expiration Utility

    If people are too stupid to read the email from the issuer, how will that
    help? You already get warnings from the issuer of the cert.



    HoTShoT Guest

  3. #3

    Re: Digital Certificate Expiration Utility

    in article 10hv5hpafblnpc7corp.supernews.com, HoTShoT wrote on 8/15/04
    9:58 AM:
    > If people are too stupid to read the email from the issuer, how will that
    > help? You already get warnings from the issuer of the cert.
    >
    >
    >
    It's not a matter of people being stupid, it's being proactive and knowing
    when your own certs expire, not relying on someone else to do your job.
    Maybe they'll send you an e-mail, maybe they won't. I'd prefer to control my
    own destiny rather than explain to management that our VPN and SSL sites are
    down because wah, Thawte never reminded me.

    ps Guest

  4. #4

    Re: Digital Certificate Expiration Utility

    ps spilled the following:
    > in article 10hv5hpafblnpc7corp.supernews.com, HoTShoT wrote on
    > 8/15/04 9:58 AM:
    >
    >> If people are too stupid to read the email from the issuer, how will that
    >> help? You already get warnings from the issuer of the cert.
    >>
    >
    > It's not a matter of people being stupid, it's being proactive and knowing
    > when your own certs expire, not relying on someone else to do your job.
    > Maybe they'll send you an e-mail, maybe they won't. I'd prefer to control
    > my own destiny rather than explain to management that our VPN and SSL
    > sites are down because wah, Thawte never reminded me.
    Yeah, but there are so many other things which need to happen at specific
    times throughout the life of any sort of enterprise (DNS expiry, time to
    replace hard disks, renew passwords...), surely it's a better idea to have
    a proper diarying system which can address all of them than a program which
    only fixes one.

    C.
    Colin McKinnon Guest

  5. #5

    Re: Digital Certificate Expiration Utility

    HoTShoT wrote:
    > If people are too stupid to read the email from the issuer, how will that
    > help? You already get warnings from the issuer of the cert.
    >
    The script wasn't developed to deal with ignorance, it was designed
    to help folks deal with certificate expiration issues. Public CA
    "notification" intervals aren't configurable, ssl-cert-check is.

    Matty Guest

  6. #6

    Re: Digital Certificate Expiration Utility

    Managing a large number of certs for other people, it will be helpful
    to be able to quickly probe all their sites actively without human
    intervention, as the 30-day reminder can often not be long enough once
    you get involved in the process of billing, invoicing, etc, etc, when
    things move like treacle flowing downhill. I'd prefer not to pay for a
    customer's renewal myself and then try claiming back the money.

    We could rely on purchasing records, but this is a lot easier.

    So, thanks for that, I think it'll be useful.

    --

    Regards,

    Mark Davies


    MD Guest
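
Added example, not part of the thread and not ssl-cert-check's own code: the report from post #1 (host, status, expiry, days left, `Down` for unreachable hosts) with the configurable warning window raised in post #5, written in Python. The `Expiring`, `Expired` and `Untrusted` labels, the 30-day default and all function names are assumptions made for this example.

```python
import socket
import ssl
from datetime import datetime, timezone

WARN_DAYS = 30  # assumed default; set it to the lead time your renewal process needs

def parse_targets(text):
    """Parse 'host port' lines (the ssldomains format); skip blanks and # comments."""
    targets = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 2 and fields[1].isdigit():
            targets.append((fields[0], int(fields[1])))
    return targets

def classify(not_after, now, warn_days=WARN_DAYS):
    """Map a certificate notAfter string to (status, expiry date, whole days left)."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    days = (expires - now).days
    status = "Expired" if expires <= now else "Expiring" if days < warn_days else "Valid"
    return status, expires.strftime("%b %d %Y"), days

def fetch_not_after(host, port, timeout=5.0):
    """Return the peer certificate's notAfter; raises OSError if the host is down."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]

def report(targets, now, fetch=fetch_not_after):
    """One row per target: (host:port, status, expires, days left)."""
    rows = []
    for host, port in targets:
        try:
            rows.append((f"{host}:{port}", *classify(fetch(host, port), now)))
        except ssl.SSLCertVerificationError as exc:
            # A verifying client never sees an expired cert's fields: the handshake
            # fails first. verify_code 10 is OpenSSL's "certificate has expired".
            status = "Expired" if exc.verify_code == 10 else "Untrusted"
            rows.append((f"{host}:{port}", status, "?", "?"))
        except OSError:  # refused, timed out, DNS failure
            rows.append((f"{host}:{port}", "Down", "?", "?"))
    return rows
```

Pass `datetime.now(timezone.utc)` as `now` for a live run; the `fetch` parameter exists so the report logic can be exercised without network access.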
