by justin_oaks 1597 days ago
Sounds similar to my setup. I have a bash script which takes a list of TCP addresses (host:port), contacts each one using openssl s_client, and uses the notAfter field to calculate how many days until expiration. I use the date command to parse the date that's returned from openssl and convert it to seconds.

The core of the script is this snippet of bash, where $target is of the format host:port.

    # Fetch the certificate served at $target and keep the first 20 characters of notAfter (date and time, no timezone suffix)
    cert_exp_date=$(echo | openssl s_client -connect "$target" 2>/dev/null | openssl x509 -noout -enddate | cut -d= -f 2 | head -c 20 )
    if [ -n "${cert_exp_date}" ]; then
      # Convert expiry and current time to epoch seconds, then to whole days remaining
      cert_exp_date_seconds="$(date --date="${cert_exp_date}" +%s)"
      now_seconds="$(date +%s)"
      exp_days="$(( ( cert_exp_date_seconds - now_seconds ) / 86400 ))"
      # Emit one InfluxDB line-protocol record for Telegraf
      echo "certificate_expiration_days,name=${name},target=${target} days=${exp_days}"
    fi

The script is executed as a Telegraf exec input so that the data can be fed into my general monitoring setup (InfluxDB and Grafana). I have a Grafana alert for each host.
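
An added example, not part of the comment above and not the commenter's script: the same check wrapped for a list of targets, keeping the `GMT` suffix so the date is parsed as UTC, and emitting a record even when no certificate could be read so an unreachable endpoint shows up in the data. It assumes GNU `date`, coreutils `timeout` and the `openssl` CLI; the function names, the `check_ok` field and the `example.com` targets are hypothetical.

```shell
#!/bin/sh
# Added example: Telegraf exec-style certificate expiry check.
# Assumes GNU date, coreutils timeout and the openssl CLI.

# days_left NOTAFTER NOW_EPOCH -> whole days until expiry (negative once expired).
# NOTAFTER keeps its "GMT" suffix so it is parsed as UTC, not local time.
days_left() (
  exp=$(date --date="$1" +%s) || exit 1
  echo $(( (exp - $2) / 86400 ))
)

# fetch_not_after HOST:PORT -> notAfter of the served leaf certificate,
# or empty output if the connection or the parse fails.
fetch_not_after() (
  host=${1%:*}   # host part, sent as SNI
  timeout 10 openssl s_client -connect "$1" -servername "$host" </dev/null 2>/dev/null \
    | openssl x509 -noout -enddate 2>/dev/null | cut -d= -f2
)

# metric_line TARGET NOTAFTER NOW_EPOCH -> one InfluxDB line-protocol record.
# An empty or unparsable NOTAFTER yields check_ok=0i instead of no output
# (check_ok is a field name assumed for this example).
metric_line() (
  if [ -n "$2" ] && d=$(days_left "$2" "$3" 2>/dev/null); then
    echo "certificate_expiration_days,target=$1 days=${d},check_ok=1i"
  else
    echo "certificate_expiration_days,target=$1 check_ok=0i"
  fi
)

# Targets are passed as arguments, e.g.:
#   ./cert_days.sh example.com:443 mail.example.com:993
now=$(date +%s)
for target in "$@"; do
  metric_line "$target" "$(fetch_not_after "$target")" "$now"
done
```

Alerting on `check_ok` as well as `days` covers the case where the endpoint stops answering before the certificate expires.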