[Xymon] SSL/TLS cert monitoring

Adam Thorn alt36 at cam.ac.uk
Wed Aug 30 12:20:58 CEST 2023


On 30/08/2023 04:31, Vernon Everett wrote:
> 3. I have a few certs local to my client that I need to keep an eye on 
> too. But these are used by applications, and are not related to a web 
> page, so effectively I need to keep tabs on /foo/bar/cert

Here's our perl script for doing this, though it uses a local 
"SuperHobbit" perl module which manages loading config files so it's not 
a case of just copy-pasting:

https://gitlab.developers.cam.ac.uk/-/snippets/238

As others have said, all that the script really does is run:

openssl x509 -in MY_CERTIFICATE.pem -noout -enddate

which'll output a single line like:

notAfter=Jul  4 23:59:59 2024 GMT

which is then parsed by perl's str2time() (other date parsing options 
exist, of course. Thanks to Ralph for pointing out the -dateopt option 
which I didn't know about, though unfortunately that's not available in 
the version of openssl as provided by Ubuntu 20.04).

I looked quickly at reimplementing this in python using the standard 
python 'cryptography' package, but that started to open up cans of worms 
around version dependencies and how we could make a suitable version of 
the package available, so I've mentally stalled that idea for now.

Adam
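
An added example, not part of the message above and not the code in the linked snippet: the same openssl -enddate check done with only the Python standard library, so the 'cryptography' package is not needed. The function names and the 30/7 day thresholds are assumptions chosen for illustration; the month table avoids locale-dependent date parsing.

```python
"""Check a local certificate's expiry via the openssl CLI and the stdlib only."""
import re
import subprocess
import sys
from datetime import datetime, timezone

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}
# Matches e.g. "notAfter=Jul  4 23:59:59 2024 GMT" (the day is space-padded).
NOT_AFTER = re.compile(
    r"^notAfter=(\w{3})\s+(\d{1,2}) (\d{2}):(\d{2}):(\d{2}) (\d{4}) GMT$")

# Assumed thresholds in days, not taken from the original script.
WARN_DAYS, CRIT_DAYS = 30, 7


def parse_enddate(line):
    """Turn openssl's -enddate output line into an aware UTC datetime."""
    m = NOT_AFTER.match(line.strip())
    if not m or m.group(1) not in MONTHS:
        raise ValueError(f"unexpected openssl output: {line!r}")
    mon, day, hh, mm, ss, year = m.groups()
    return datetime(int(year), MONTHS[mon], int(day), int(hh), int(mm), int(ss),
                    tzinfo=timezone.utc)


def colour_for(not_after, now):
    """Map the time remaining to a Xymon colour and whole days left."""
    days = (not_after - now).days  # floors, so it is negative once expired
    if days < CRIT_DAYS:
        return "red", days
    if days < WARN_DAYS:
        return "yellow", days
    return "green", days


def check_file(path, now=None):
    """Run openssl on a PEM file and classify its expiry date."""
    out = subprocess.run(
        ["openssl", "x509", "-in", path, "-noout", "-enddate"],
        check=True, capture_output=True, text=True).stdout
    return colour_for(parse_enddate(out), now or datetime.now(timezone.utc))


if __name__ == "__main__":
    colour, days = check_file(sys.argv[1])
    print(f"{colour} {sys.argv[1]} expires in {days} days")
```

Unparseable openssl output raises ValueError instead of being treated as a far-future date, so a broken or unreadable certificate file does not silently report green.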

