Knowledge Base

Preserving for the future: Shell scripts, AoC, and more

Find certs that will expire soon

I wrote a new utility to discover SSL certificates that will need to be replaced soon. You can go view find_expiring_certs.sh on GitLab. It does need bgscripts as a dependency, like most of my complex scripts. The flow of the script is pretty basic:

   # Find all cert files
   all_certs="$( find_all_certs "${FEC_FIND_METHOD}" "${FEC_EXCLUDE_DIRS}" "${FEC_FILE_FILTER}" )"
   debuglev 7 && { echo "===== ALL CERTS FOUND that match file filter and outside excluded dirs" ; echo "${all_certs}" ; } 1>&2

   # Limit list to those that will expire within the limit
   dangerous_certs="$( echo "${all_certs}" | limit_certs "${FEC_DATE}" )"
   debuglev 6 && { echo "===== CERTS that will expire soon" ; echo "${dangerous_certs}" ; } 1>&2

   # Notify
   printf "%s\n" "---- CERTS -----"
   display_certs "${dangerous_certs}" 0

I have not added verbosity flags, because picking which attributes to read and display for different verbosity levels (or displaying arbitrary fields based on a parameter) would be hard. And I didn't fully-feature it because it really is just an academic project. Turns out I don't need this tool in my environment. Frankly, the coolest thing about this script is that the find_all_certs function can use different ways to discover the files: find, or locate, or read standard input. Providing a mechanism for common field and exclude syntax that can be munged to the right formats for the different ways to search was the most interesting task of this script. Parsing openssl x509 output is just bog-standard awk logic.
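The idea of one exclude/filter syntax translated per search method can be sketched as follows. This is an added example, not code from find_expiring_certs.sh: the function names, the colon-separated lists and `SEARCH_ROOT` are assumptions, locate is left out, and the expiry test uses `openssl x509 -checkend` rather than the awk parsing described above.

```shell
#!/bin/sh
# Added example, not code from find_expiring_certs.sh. Function names and the
# colon-separated syntax are assumptions made for this sketch.

# list_cert_files METHOD EXCLUDE_DIRS SUFFIXES
#   METHOD "find" walks ${SEARCH_ROOT:-/etc}; "stdin" filters paths read from stdin.
#   EXCLUDE_DIRS like "/proc:/sys" (may be empty); SUFFIXES like "pem:crt" (required).
list_cert_files() {
   lcf_method="$1" ; lcf_excl="$2" ; lcf_suf="$3"
   case "${lcf_method}" in
      find)
         # Translate to: -path DIR -prune -o ... ( -name '*.SUF' -o ... ) -type f -print
         # Subshell keeps the IFS and noglob changes away from the caller.
         (
            IFS=":" ; set -f ; set --
            for lcf_d in ${lcf_excl} ; do set -- "$@" -path "${lcf_d}" -prune -o ; done
            set -- "$@" "(" ; lcf_or=""
            for lcf_s in ${lcf_suf} ; do
               set -- "$@" ${lcf_or} -name "*.${lcf_s}" ; lcf_or="-o"
            done
            find "${SEARCH_ROOT:-/etc}" "$@" ")" -type f -print
         )
         ;;
      stdin)
         # Translate the same lists to anchored regexes: ^(DIR|DIR)(/|$) and \.(SUF|SUF)$
         lcf_esc='s/[][\.*^$(){}+?|]/\\&/g; s/:/|/g'
         lcf_excl_re="$( printf '%s' "${lcf_excl}" | sed "${lcf_esc}" )"
         lcf_suf_re="$( printf '%s' "${lcf_suf}" | sed "${lcf_esc}" )"
         if [ -n "${lcf_excl_re}" ] ; then grep -Ev "^(${lcf_excl_re})(/|\$)" ; else cat ; fi |
            grep -E "\\.(${lcf_suf_re})\$"
         ;;
      *) echo "unknown method: ${lcf_method}" 1>&2 ; return 2 ;;
   esac
}

# expiring_within SECONDS: read cert paths on stdin, print those whose first
# certificate expires within SECONDS. Files openssl cannot parse as a
# certificate are skipped instead of being reported as expiring.
expiring_within() {
   while IFS= read -r ew_f ; do
      openssl x509 -in "${ew_f}" -noout >/dev/null 2>&1 || continue
      openssl x509 -in "${ew_f}" -noout -checkend "$1" >/dev/null || printf '%s\n' "${ew_f}"
   done
}
```

Chained together, `list_cert_files find "/proc:/sys" "pem:crt" | expiring_within 2592000` prints the certificates that expire in the next 30 days.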
