Меню Затваряне

Проверка на сертификат

За да проверите дали коректно е инсталиран даден сертификат, било то за https (порт 443) или за друга услуга – например IMAP (порт 993), може да използвате следния скрипт, с име check_ssl.sh

#!/bin/bash
#
# SSL Certificate Expiration Checker
# Usage: check_ssl.sh host port

function check_certs() {
  if [ -z "$1" ]; then
    echo "Please enter the domain to check. Example: check_ssl.sh domain.com 443"
    exit 1
  fi
  if [ -z "$2" ]; then
    echo "Please enter the port to check. Example: check_ssl.sh domain.com 993"
    exit 1
  fi

  name="$1"
  port="$2"
  now_epoch=$(date +%s)

  dig +noall +answer "$name" | while read _ _ _ _ ip; do
    echo -n "SSL for: $name ($ip) on port: $port"

    # Get certificate information once
    cert_info=$(echo | openssl s_client -showcerts -servername "$name" -connect "$ip:$port" 2>/dev/null | openssl x509 -inform pem -noout -enddate -issuer)

    # Extract expiry date
    expiry_date=$(echo "$cert_info" | grep "notAfter=" | cut -d "=" -f 2)

    # Extract only the O= (Organization) field from issuer
    issuer=$(echo "$cert_info" | grep "^issuer=" | sed -n 's/.*O=\([^,]*\).*/\1/p')

    # Fallback if O= field is not found (some certs might not have it)
    if [ -z "$issuer" ]; then
      # Try to get CN= instead
      issuer=$(echo "$cert_info" | grep "^issuer=" | sed -n 's/.*CN=\([^,]*\).*/\1/p')
    fi

    echo -n " | Expire date: $expiry_date"

    expiry_epoch=$(date -d "$expiry_date" +%s)
    expiry_days=$(( (expiry_epoch - now_epoch) / (3600 * 24) ))

    echo " | Left: $expiry_days days | Issuer: $issuer"
  done
}

check_certs "$1" "$2"

Задължително трябва да подадете както хост, който да бъде проверен, така и порт за услугата, която ще проверявате, например:

Проверка на HTTPS:

./check_ssl.sh google.com 443
SSL for: google.com (142.250.187.174) on port: 443 | Expire date: Nov  7 08:17:54 2022 GMT | Left: 65 days | Issuer: Google Trust Services LLC

Проверка на SMTP:

./check_ssl.sh smtp.gmail.com 465
SSL for: smtp.gmail.com (108.177.127.109) on port: 465 | Expire date: Nov  7 08:24:48 2022 GMT | Left: 65 days | Issuer: Google Trust Services LLC