Below are two scripts that I use to check the SSL certificates of my front-facing websites and the days remaining until they expire. I use them to check the certificate expiry of my core VMware products. You need to run them on a Linux box and have Python installed. Put the files you create into one folder and don’t forget to change the permissions so they can execute: “chmod -R 0777 filename”. The output is a txt file listing the certificates you specified.

1. Save as CertCheckerScript.sh and modify it with your FQDNs or IP addresses. Below is an example from my lab environment:

#!/bin/bash
# Writes a label line followed by the days remaining for each endpoint.
OUTPUT_FILE=certexpiry_core.txt
echo 'inDays' > "$OUTPUT_FILE"
echo 'LDAP - ldap.vcf.sddc.lab' >> "$OUTPUT_FILE"
./getSSLRemainingDays.sh ldap.vcf.sddc.lab 636 >> "$OUTPUT_FILE"
echo 'vCENTER - vcenter1.vcf.sddc.lab' >> "$OUTPUT_FILE"
./getSSLRemainingDays.sh vcenter1.vcf.sddc.lab 443 >> "$OUTPUT_FILE"
echo 'vCENTER - vcenter2.vcf.sddc.lab' >> "$OUTPUT_FILE"
./getSSLRemainingDays.sh vcenter2.vcf.sddc.lab 443 >> "$OUTPUT_FILE"
echo 'vCENTER - vcenter3.vcf.sddc.lab' >> "$OUTPUT_FILE"
./getSSLRemainingDays.sh vcenter3.vcf.sddc.lab 443 >> "$OUTPUT_FILE"
echo 'SDDC MGR - sddc-mgr.vcf.sddc.lab' >> "$OUTPUT_FILE"
./getSSLRemainingDays.sh sddc-mgr.vcf.sddc.lab 443 >> "$OUTPUT_FILE"

2. Save as getSSLRemainingDays.sh. Don’t modify the content of this file.

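#!/bin/bash
# Usage: ./getSSLRemainingDays.sh <host> <port>

# Fetch the server certificate and extract its notAfter date.
cert_date=$(echo | openssl s_client -servername "$1" -connect "$1:$2" 2>/dev/null | openssl x509 -noout -dates 2>/dev/null | grep notAfter | cut -d= -f2)

# Empty output means the connection or handshake failed; say so instead of printing a bogus day count.
if [ -z "$cert_date" ]; then
    echo "ERROR: no certificate retrieved from $1:$2"
    exit 1
fi

cert_date_epoch=$(date -d "$cert_date" "+%s")
now_date_epoch=$(date "+%s")

# Whole days between now and expiry.
echo $(( (cert_date_epoch - now_date_epoch) / 86400 ))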

3. To run, type:

./CertCheckerScript.sh

By Kader
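
A variant of the two scripts above, as an added example that is not the author's code: it reads the endpoints from a list file instead of hard-coded echo lines, flags certificates inside a warning window, and reports unreachable hosts. The list layout ("host port label"), the WARN_DAYS variable and the function names are assumptions made for illustration.

```shell
#!/bin/bash
# Added example, not the author's script. hosts.txt layout ("host port label"),
# WARN_DAYS and the function names are assumptions made for illustration.
WARN_DAYS="${WARN_DAYS:-30}"

# Print the certificate's notAfter date for host $1 port $2, or nothing on failure.
fetch_not_after() {
    echo | openssl s_client -servername "$1" -connect "$1:$2" 2>/dev/null |
        openssl x509 -noout -enddate 2>/dev/null | cut -d= -f2
}

# Whole days from now (or from epoch $2) until date string $1, rounded down.
days_until() {
    local end now diff
    end=$(date -d "$1" "+%s") || return 1
    now="${2:-$(date "+%s")}"
    diff=$(( end - now ))
    # Round toward minus infinity: expired an hour ago reports -1, not 0.
    if [ "$diff" -lt 0 ]; then echo $(( (diff - 86399) / 86400 ))
    else echo $(( diff / 86400 )); fi
}

# Map a day count $1 to EXPIRED / WARN / OK against threshold $2 (days).
classify() {
    if [ "$1" -lt 0 ]; then echo EXPIRED
    elif [ "$1" -le "$2" ]; then echo WARN
    else echo OK; fi
}

# Check every "host port label" line in file $1; return 1 if any needs attention.
check_hosts() {
    local rc=0 host port label not_after days status
    while read -r host port label; do
        case "$host" in ''|'#'*) continue ;; esac
        not_after=$(fetch_not_after "$host" "$port")
        if [ -z "$not_after" ]; then
            echo "$label ($host:$port): UNREACHABLE"; rc=1; continue
        fi
        days=$(days_until "$not_after")
        status=$(classify "$days" "$WARN_DAYS")
        echo "$label ($host:$port): $status, $days days left (notAfter $not_after)"
        [ "$status" = OK ] || rc=1
    done < "$1"
    return "$rc"
}

# Runs only when a host list is passed as the first argument.
if [ "$#" -ge 1 ]; then check_hosts "$1"; fi
```

Each line of the list file looks like `vcenter1.vcf.sddc.lab 443 vCENTER`. The script exits non-zero when any endpoint is unreachable, expired or inside the warning window, so a cron job or monitoring check can alert on the exit status; `chmod 0755` is enough to make it executable.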