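За да проверите дали коректно е инсталиран даден сертификат, било то за https (порт 443) или за друга услуга – например IMAP (порт 993), можете да използвате следния скрипт с име check_ssl.sh. Той показва датата на изтичане, оставащите дни и издателя на сертификата за всеки IP адрес на хоста, но не проверява веригата на доверие, нито дали името в сертификата съвпада с хоста.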
#!/bin/bash
#
# SSL Certificate Expiration Checker
# Usage: check_ssl.sh host port
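#######################################
# Print expiry date, days left and issuer of the certificate served on
# each IPv4 address (A record) of a host.
#
# Only expiry and issuer are reported. The trust chain and the host-name
# match are not evaluated: s_client is run without -verify_return_error,
# so a self-signed or mismatched certificate is printed like any other.
# No -starttls is passed, so only implicit-TLS ports are covered.
#
# Arguments: $1 - host name to resolve (also sent as SNI)
#            $2 - TCP port of the TLS service
# Outputs:   one line per address on stdout; diagnostics on stderr
# Returns:   0 if every address yielded a certificate, 1 otherwise;
#            exits 1 on missing or malformed arguments
#######################################
function check_certs() {
  local name port now_epoch rtype ip cert_info expiry_date issuer
  local expiry_epoch expiry_days
  local checked=0 failed=0

  if [ -z "$1" ]; then
    echo "Please enter the domain to check. Example: check_ssl.sh domain.com 443"
    exit 1
  fi
  if [ -z "$2" ]; then
    echo "Please enter the port to check. Example: check_ssl.sh domain.com 993"
    exit 1
  fi
  name="$1"
  port="$2"

  # dig treats arguments starting with '-', '+' or '@' as options, query
  # flags or a server selector; a host name never starts with any of them.
  case "$name" in
    -* | +* | @*)
      echo "Invalid host name: $name" >&2
      exit 1
      ;;
  esac
  # The port is spliced into "-connect ip:port", so accept digits only.
  case "$port" in
    *[!0-9]*)
      echo "Invalid port: $port" >&2
      exit 1
      ;;
  esac

  now_epoch=$(date +%s)

  # Process substitution keeps the loop in the current shell so that the
  # counters survive it (a pipeline would run the loop in a subshell).
  while read -r _ _ _ rtype ip; do
    # When the name is an alias, dig also prints CNAME rows whose last
    # column is a host name, not an address.
    [ "$rtype" = "A" ] || continue
    checked=$((checked + 1))

    echo -n "SSL for: $name ($ip) on port: $port"

    # stdin comes from /dev/null so s_client neither waits for input nor
    # consumes the remaining dig rows feeding this loop.
    cert_info=$(openssl s_client -showcerts -servername "$name" \
      -connect "$ip:$port" </dev/null 2>/dev/null \
      | openssl x509 -inform pem -noout -enddate -issuer)

    expiry_date=$(echo "$cert_info" | grep "notAfter=" | cut -d "=" -f 2)
    if [ -z "$expiry_date" ]; then
      # GNU `date -d ""` resolves to today, so without this guard a failed
      # connection would be reported as a certificate with 0 days left.
      echo " | ERROR: no certificate retrieved"
      failed=$((failed + 1))
      continue
    fi

    # Organization of the issuer; the optional blanks cover OpenSSL builds
    # that print "O = value" as well as those that print "O=value".
    issuer=$(echo "$cert_info" | grep "^issuer=" \
      | sed -n 's/.*O *= *\([^,]*\).*/\1/p')
    if [ -z "$issuer" ]; then
      # Some issuers carry no O attribute; fall back to the common name.
      issuer=$(echo "$cert_info" | grep "^issuer=" \
        | sed -n 's/.*CN *= *\([^,]*\).*/\1/p')
    fi

    echo -n " | Expire date: $expiry_date"
    if ! expiry_epoch=$(date -d "$expiry_date" +%s); then
      echo " | ERROR: cannot parse expiry date"
      failed=$((failed + 1))
      continue
    fi
    expiry_days=$(((expiry_epoch - now_epoch) / (3600 * 24)))
    echo " | Left: $expiry_days days | Issuer: $issuer"
  done < <(dig +noall +answer "$name")

  if [ "$checked" -eq 0 ]; then
    echo "No A records found for $name" >&2
    return 1
  fi
  [ "$failed" -eq 0 ]
}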
# Entry point: hand the host and port from the command line to the checker.
check_certs "${1}" "${2}"
Задължително трябва да подадете както хост, който да бъде проверен, така и порт за услугата, която ще проверявате, например:
Проверка на HTTPS:
./check_ssl.sh google.com 443
SSL for: google.com (142.250.187.174) on port: 443 | Expire date: Nov 7 08:17:54 2022 GMT | Left: 65 days | Issuer: Google Trust Services LLC
Проверка на SMTP:
./check_ssl.sh smtp.gmail.com 465
SSL for: smtp.gmail.com (108.177.127.109) on port: 465 | Expire date: Nov 7 08:24:48 2022 GMT | Left: 65 days | Issuer: Google Trust Services LLC