Command-line SSL Certificate Expiry Date Checker

A simple command-line script to check expiry dates for your ssl certificates.


Source

~/.functions

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
function check_site_ssl () {
red=`tput setaf 1`
green=`tput setaf 2`
reset=`tput sgr0`

ifs=$IFS
IFS=$'\n=' # ' comment to avoid pygments bug!

echo -ne "$1 ... "
dates=`echo | openssl s_client -connect "$1":443 2>/dev/null | openssl x509 -noout -dates`

read x d1 y d2 <<< $(tr '\n' '=' <<< $dates | rev | cut -c 2- | rev)

today=$(date +"%Y%m%d")
todate=$(date -jf "%b %d %T %Y GMT" "$d2" +"%Y%m%d")
fromdate=$(date -jf "%b %d %T %Y GMT" "$d1" +"%Y%m%d")
days=$(expr '(' $(date -jf "%b %d %T %Y GMT" "$d2" +"%s") - $(date +"%s") ')' / 86400)" days"

if [ $todate -ge $today ] && [ $today -ge $fromdate ]; then
echo "${green}$days until expiry!${reset}";
else
echo "${red}✗ expired $days ago!${reset}";
fi

IFS=$ifs
}

function check_ssl () {
if [ "$#" -eq 1 ]; then
check_site_ssl "$1"
elif [ -f ~/.ssl_sites ]; then
for site in `cat ~/.ssl_sites`; do
check_site_ssl "$site"
done
fi
}

~/.ssl_sites

1
2
3
4
google.com
facebook.com
twitter.com
youtube.com

Usage

check_ssl

1
2
3
4
google.com ... ✓ 71 days until expiry!
facebook.com ... ✓ 213 days until expiry!
twitter.com ... ✓ 652 days until expiry!
youtube.com ... ✓ 71 days until expiry!

check_ssl mail.google.com

1
mail.google.com ... ✓ 71 days until expiry!

Based on openssl binary. Uses date, cut, read, tput, expr commands. Tested on OS X.