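#!/usr/bin/env bash
# Author: Oliver Ladner
# License: LGPL
#
# Recursively search for SSL certificate
# files and display valid period
#
# Won't run on Solaris without modifications (find, date etc)
#
# Usage: <script> [option] [path]     (the option may also follow the path)
#   -v   only show valid certs
#   -e   only show expired certs
# Without an option both groups are listed; without a path "." is searched.
#
# Limits to keep in mind when this is used for expiry monitoring:
#   * "valid" only means that notAfter lies in the future. notBefore,
#     revocation and chain trust are not looked at.
#   * openssl x509 reads one certificate per file, so only the first entry
#     of a bundle is checked.
#   * Files are parsed in openssl's default input format (PEM). Anything that
#     cannot be parsed is named on stderr and skipped; it is never listed as
#     valid or expired.

# No "set -e": the scan is best effort, one unreadable file must not end it.
set -u

# Display switches and start directory, filled in by parse_args.
show_valid=1
show_expired=1
search_path=.

#######################################
# Print the help text.
# Outputs: usage lines on stdout
#######################################
usage() {
  printf 'Usage: %s [option] [path]\n' "${0##*/}"
  printf 'Options: -v\tonly show valid certs\r\n'
  printf ' -e\tonly show expired certs\n'
}

#######################################
# Interpret "[option] [path]" or "[path] [option]".
# Globals:   show_valid, show_expired, search_path (written)
# Arguments: $1, $2 - optional, as given on the command line
#######################################
parse_args() {
  local first=${1:-} second=${2:-}

  # Start from known values so nothing inherited from the environment can
  # change what gets displayed.
  show_valid=1
  show_expired=1
  search_path=.

  case $first in
    -e)
      show_valid=0
      search_path=${second:-.}
      ;;
    -v)
      show_expired=0
      search_path=${second:-.}
      ;;
    '') ;;
    *)
      search_path=$first
      case $second in
        -e) show_valid=0 ;;
        -v) show_expired=0 ;;
      esac
      ;;
  esac

  # find would read a start point beginning with '-' as one of its options.
  case $search_path in
    -*) search_path=./$search_path ;;
  esac
}

#######################################
# Print the notAfter date of a certificate file as seconds since the epoch.
# Arguments: $1 - path to the certificate file
# Outputs:   epoch seconds on stdout
# Returns:   non-zero when openssl cannot parse the file or date cannot
#            convert the end date
#######################################
cert_not_after_epoch() {
  local cert=$1 enddate

  # openssl's own diagnostics are dropped; the caller reports the file.
  enddate=$(openssl x509 -noout -enddate -in "$cert" 2>/dev/null) || return 1
  enddate=${enddate#notAfter=}

  # GNU date turns an empty string into "today 00:00", which would make an
  # unparsable file look like a certificate that expired today.
  [[ -n $enddate ]] || return 1

  date -d "$enddate" +%s 2>/dev/null
}

#######################################
# Scan the tree and list certificates according to the chosen option.
# Arguments: same as the script
# Outputs:   per listed certificate its path and a status line on stdout;
#            skipped files on stderr
#######################################
main() {
  case ${1:-} in
    -h | --help)
      usage
      return 0
      ;;
  esac

  parse_args "$@"

  local cert not_after now expires_at
  now=$(date +%s)

  # NUL-delimited names keep paths with spaces or newlines in one piece.
  # Directories named .svn are pruned; filtering the output with a '.svn'
  # regex also dropped every path that merely contained "svn" after any
  # character.
  while IFS= read -r -d '' cert; do
    if ! not_after=$(cert_not_after_epoch "$cert"); then
      printf '%s: cannot read certificate end date, skipped\n' "$cert" >&2
      continue
    fi

    if ((not_after <= now)); then
      if ((show_expired)); then
        # "@N" is taken as UTC epoch seconds. "1970-01-01 N sec" starts
        # from local midnight and is off by the local UTC offset.
        expires_at=$(date -d "@$not_after" +%c)
        printf '%s\n' "$(dirname -- "$cert")/$(basename -- "$cert")"
        printf '%s\n' "Certificate expired $expires_at"
      fi
    elif ((show_valid)); then
      printf '%s\n' "$(dirname -- "$cert")/$(basename -- "$cert")"
      printf '%s\n' "Certificate is valid"
    fi
  done < <(find "$search_path" -type d -name .svn -prune \
    -o -type f -iname '*.crt*' -print0)
}

main "$@"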