From 4d82676b638a69c6c3589e9c91e8dff0930490c5 Mon Sep 17 00:00:00 2001
From: Mike D'Morto
Date: Fri, 12 Feb 2021 11:41:51 +0700
Subject: [PATCH] mdmcertcheck v1.0 - expire certholder
---
 mdmcertcheck/mdmcertcheck.sh | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)
diff --git a/mdmcertcheck/mdmcertcheck.sh b/mdmcertcheck/mdmcertcheck.sh
index 8e90b2f..4f89bd3 100644
--- a/mdmcertcheck/mdmcertcheck.sh
+++ b/mdmcertcheck/mdmcertcheck.sh
@@ -4,7 +4,7 @@ export LC_ALL=""
 export LANG="en_US.UTF-8"
-VERSION="0.3"
+VERSION="1.0"
 CERTLIST="certlist.cfg"
 CTIMEOUT="1"
@@ -89,6 +89,26 @@ valid_status)
 echo $RET;
 ;;
+expire)
+ #calculate expire days
+ parse_item $ITEM
+ get_cert
+ expire_date=$( echo "$CERT_BODY" | openssl x509 -noout -dates | grep '^notAfter' | cut -d'=' -f2 )
+ expire_date_epoch=$(date -d "$expire_date" +%s) || error "Failed to get expire date"
+ current_date_epoch=$(date +%s)
+ RET=$(( (expire_date_epoch - current_date_epoch)/(3600*24) ))
+ echo $RET
+;;
+
+certholder)
+ #get cert holder string
+ parse_item $ITEM
+ get_cert
+ # Note: new openssl versions can print multiple return codes for post-handshake session tickets, so we need to get only the first one
+ RET=$( echo "$CERT_BODY" | sed -n '/BEGIN CERTIFICATE/,/END CERT/p' | openssl x509 -text 2>/dev/null | sed -n 's/ *Issuer: *//p' | sed -n 's/.*CN=*//p')
+ echo $RET;
+;;
+
 script.version)
 echo $VERSION
 ;;
@@ -100,6 +120,8 @@ discovery - discovery items from config file
 isexist - the script has access to server with cert
 valid - the cert is valid (1|0)
 valid_status - the cert status in full text
+expire - how many days for an unvalid state
+certholder - certholder text
 script.version - current version of this script
 }"
 ;;
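Review bot: In the `expire)` arm the `|| error "Failed to get expire date"` guard does not catch a missing certificate: if `get_cert` or `openssl x509` produces nothing, `expire_date` is empty and GNU `date -d ""` normally still succeeds (it resolves to today at 00:00), so the item reports about 0 days and a fetch or parse failure cannot be told apart from a certificate expiring today. Checking the value before converting it, e.g. `[ -n "$expire_date" ] || error "Failed to get expire date"`, keeps the two cases separate for whatever alerts on this item. In the `certholder)` arm the pipeline extracts the `Issuer:` line, which names the signing CA rather than the certificate holder; if the holder is what is meant, `openssl x509 -noout -subject` is the field to read, otherwise the item and its help text would be clearer named after the issuer. The `# Note:` comment about multiple return codes in that arm does not describe anything the line below it does and looks carried over from another arm. The enclosing `case` statement and the helpers `parse_item`, `get_cert` and `error` are outside the hunk, so how they report failure is not visible here.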