3 # Checks if a given cert on disk will expire soon
5 # Copyright 2009, 2012 Peter Palfrader
7 # Permission is hereby granted, free of charge, to any person obtaining
8 # a copy of this software and associated documentation files (the
9 # "Software"), to deal in the Software without restriction, including
10 # without limitation the rights to use, copy, modify, merge, publish,
11 # distribute, sublicense, and/or sell copies of the Software, and to
12 # permit persons to whom the Software is furnished to do so, subject to
13 # the following conditions:
15 # The above copyright notice and this permission notice shall be
16 # included in all copies or substantial portions of the Software.
18 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
19 # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
20 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
21 # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
22 # LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
23 # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
24 # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
29 # warn if expires within 2 weeks, critical if within a day or already is expired
33 while [ "$#" -ge 2 ]; do
50 if [ "$#" != 1 ]; then
51 echo "Usage: $0 [-w <seconds>] [-c <seconds>] <crlfile>" >&2
57 if ! [ -r "$crl" ] ; then
58 echo "CRL file ($crl) does not exist or is not readable" >&2
62 expires="$(openssl crl -nextupdate -noout < "$crl" | cut -d = -f 2)"
63 expsec="$(date -d "$expires" +%s)"
65 delta="$(( $expsec - $now ))"
67 if [ "$delta" -gt "$warn" ] ; then
68 echo "OK: next update expected $expires"
71 if [ "$delta" -gt "$crit" ] ; then
72 echo "WARN: next update expected $expires"
75 echo "CRITICAL: next update expected $expires"