#!/bin/bash -
# ==============================================================================
# Title : checkcert.sh
# Description : This script will check the expiration date of an SSL certificate.
# Author : Julien Mousqueton @JMousqueton
# Date : 2022-08-07
# Version : 1.1
# Licences : GNU 3.0
# Usage : bash checkcert.sh -d <domain>
# Notes : this script uses "standard" exit codes :
# - 1 : Certificate expired or will expire within 7 days
# or the number of days specified with option -D
# - 0 : Everything is good :)
# - 3 : openssl or curl not installed
# - 22 : No domain specified or invalid options
# - 101 : Domain doesn't respond
# ==============================================================================
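# Defaults; option parsing overrides DAYS (-D), PORT (-p) and Verbose (-v).
DAYS=7
# Start from an empty DOMAIN so that a DOMAIN variable inherited from the
# environment cannot stand in for the mandatory -d option.
# Example value for manual testing: DOMAIN="expired.badssl.com"
DOMAIN=""
PORT="443"
Verbose="false"
# ANSI escape sequences; they are stored as literal text and only turned into
# control codes where they are printed with `echo -e`.
# Reset
Color_Off='\033[0m' # Text Reset
# Regular Colors
Red='\033[0;31m' # Red
Green='\033[0;32m' # Green
Yellow='\033[0;33m' # Yellow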
############################################################
# Help #
############################################################
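#######################################
# Print the usage summary.
# Globals:   Red, Color_Off (read) - colour escapes for the "Mandatory" tag
# Arguments: none
# Outputs:   usage text on stdout
#######################################
Help()
{
  # Display Help
  echo "Check expiration date of SSL certificat."
  echo
  # The syntax line lists every option the getopts string accepts, -v included.
  echo "Syntax: checkcert.sh [-d|p|D|v|h]"
  echo "options:"
  echo -e "d Domain name (${Red}Mandatory${Color_Off})."
  echo -e "h Print this Help."
  echo -e "D Number of days (by default 7 days)."
  echo -e "p Port (by default 443)."
  echo -e "v Verbose error message on stderr"
  echo
}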
############################################################
# Error Message #
############################################################
#######################################
# Write a diagnostic line to stderr, but only in verbose mode.
# Globals:   Verbose (read) - messages are printed only when it is "true"
# Arguments: the words of the message, passed on to echo
# Outputs:   the message on stderr, or nothing
#######################################
echoerr()
{
  # Quiet mode: drop the message and report success.
  [ "$Verbose" == "true" ] || return 0
  echo "$@" 1>&2
}
############################################################
# Check if OpenSSL is installed #
############################################################
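#######################################
# Make sure an external tool is available, installing it when possible.
# Shared by Openssl_check and Curl_check, which differ only in the tool name.
# Globals:   OSTYPE (read)
# Arguments: $1 - name of the command, also used as the package name
# Outputs:   progress messages through echoerr (shown only in verbose mode)
# Returns:   0 when the tool is available; exits 3 otherwise
#######################################
_ensure_tool ()
{
  local tool=$1
  echoerr "Checking for ${tool}..."
  if command -v "$tool" > /dev/null; then
    echoerr "Detected ${tool}..."
    return 0
  fi
  if [[ $OSTYPE == 'darwin'* ]]; then
    echoerr "MacOS : you should check manually if ${tool} is installed"
    exit 3
  fi
  # The automatic install only works where both sudo and apt-get exist; on any
  # other system stop with the documented exit code instead of running into a
  # "command not found".
  if ! command -v sudo > /dev/null || ! command -v apt-get > /dev/null; then
    echoerr "Unable to install ${tool} automatically : sudo and apt-get are required."
    exit 3
  fi
  # NOTE(review): installing a package through sudo is a privileged side effect
  # for a script whose job is to read a certificate, and it can block on a
  # password prompt when run unattended. Consider dropping the install and
  # exiting 3 so the operator installs the tool deliberately.
  echoerr "Installing ${tool}..."
  if ! sudo apt-get install -q -y "$tool"; then
    echoerr "Unable to install ${tool} ! Your base system has a problem; please check your default OS's package repositories because ${tool} should work."
    echoerr "Repository installation aborted."
    exit 3
  fi
}
# Check that openssl is installed (exit 3 when it is not and cannot be installed).
Openssl_check ()
{
  _ensure_tool openssl
}
# Check that curl is installed (exit 3 when it is not and cannot be installed).
Curl_check ()
{
  _ensure_tool curl
}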
############################################################
# Main #
############################################################
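# Get the options.
# The leading ':' in the option string selects getopts' silent mode: an unknown
# option is reported as '?' and an option given without its argument as ':'.
while getopts ":d:hD:p:v" option; do
  case $option in
    h) # display Help
      Help
      exit;;
    d) # Domain name
      DOMAIN=$OPTARG;;
    D) # nb Days
      DAYS=$OPTARG;;
    p) # Port number
      PORT=$OPTARG;;
    v) # Verbose mode
      Verbose="true";;
    :) # Option given without its argument (was silently ignored before)
      echo "Error: Option -$OPTARG requires an argument"
      exit 22;;
    \?) # Invalid option
      echo "Error: Invalid option"
      exit 22;;
  esac
done
# Check if a domain is specified
if [ -z "${DOMAIN}" ]; then
  echo -e "${Red}\xE2\x9D\x8C${Color_Off} A domain name (-d) is mandatory !!!\n"
  Help
  exit 22
fi
# DAYS is later fed to shell arithmetic, which evaluates expressions rather
# than just reading digits, so anything that is not a plain decimal number is
# rejected here. The 10# prefix keeps values such as "08" from being read as
# octal.
if ! [[ $DAYS =~ ^[0-9]+$ ]]; then
  echo "Error: -D expects a whole number of days"
  exit 22
fi
DAYS=$((10#$DAYS))
# PORT ends up in a URL and in the host:port string given to openssl, so it
# must be a valid TCP port number and nothing else.
if ! [[ $PORT =~ ^[0-9]{1,5}$ ]] || (( 10#$PORT < 1 || 10#$PORT > 65535 )); then
  echo "Error: -p expects a port number between 1 and 65535"
  exit 22
fi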
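# Make sure both external tools are available before they are used.
Openssl_check
Curl_check
# Check if the domain is responding
echoerr "Checking for $DOMAIN:$PORT to respond ..."
# --insecure turns off certificate verification for this request. It is used
# only as a reachability probe: the response body is discarded and only the
# HTTP status code is read, so nothing from the unverified connection is
# trusted. Certificate validity is assessed separately with openssl.
# NOTE(review): only HTTP 200 counts as "responding", so a redirect or an
# authentication challenge also ends in exit 101 - confirm this is intended.
# NOTE(review): the request has no time limit; a host that accepts the
# connection but never answers will stall the script.
status_code=$(curl --insecure --write-out '%{http_code}' --silent --output /dev/null "https://$DOMAIN:$PORT")
if [[ "$status_code" -ne 200 ]] ; then
  echo -e "${Red}\xE2\x9D\x8C${Color_Off} ${Yellow}$DOMAIN${Color_Off} is not reponding !!!"
  exit 101
fi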
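# Convert days to seconds for the openssl -checkend argument
Seconds=$((DAYS * 86400))
# The status of the pipeline is the status of the final `openssl x509`, whose
# -checkend test succeeds only when the certificate is still valid $Seconds
# from now. Success is reported on exit status 0 alone: any other status,
# including a failure to retrieve or parse the certificate, is treated as a
# failed check, so an unexpected error can never be reported as "valid".
if echo | openssl s_client -servername "$DOMAIN" -connect "$DOMAIN:$PORT" 2>/dev/null \
  | openssl x509 -noout -enddate -checkend "$Seconds" >/dev/null; then
  echo -e "${Green}\xE2\x9C\x94${Color_Off} ${Yellow}$DOMAIN${Color_Off} won't expired within ${Yellow}$DAYS${Color_Off} days."
  exit 0
else
  # NOTE(review): this message is also printed when no certificate could be
  # read at all; a separate message or exit code would make that case clearer.
  echo -e "${Red}\xE2\x9D\x8C${Color_Off} ${Yellow}$DOMAIN${Color_Off} has been expired or will expire within ${Yellow}$DAYS${Color_Off} days."
  exit 1
fi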