Re: [exim] My self signed cert seems to fail with american e…

Top Page
Delete this message
Reply to this message
Author: Mike Cardwell
Date:  
To: exim-users
Subject: Re: [exim] My self signed cert seems to fail with american express
* on the Thu, Feb 20, 2014 at 10:56:14AM -0800, Marc MERLIN wrote:

>> verify error:num=10:certificate has expired
>> notAfter=Jan 25 21:52:08 2014 GMT
>> ------------------------------------
>
> Thanks for catching that. Looks like when I was debugging my earlier
> problem ssl problem a couple months back, I put the wrong cert back in place.


You might find a tool that I wrote useful:

mike@glue:~$ sslScanner.pl --expires-within 7 merlins.org:465 
     IP Address   Port  Days Left  Input Arg -> Cert Common Name
  209.81.13.136    465        -25  merlins.org:465 -> merlins.org
mike@glue:~$ 


There would have been no output from the above command if the cert had
more than 7 days left on it. This makes it useful for adding to cron
for getting email alerts about certs which will expire soon.

I used port 465 because it only handles services that handle immediate
SSL on connect, and luckily you have that running.

It supports IPv6 too, and you can pass network ranges as well as
hostnames/ip addresses to check. You can get it here:

https://github.com/mikecardwell/sslScanner

-- 
Mike Cardwell  https://grepular.com/     http://cardwellit.com/
OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3  B0CF 70A5 F512 0018 461F
XMPP OTR Key   8924 B06A 7917 AAF3 DBB1  BF1B 295C 3C78 3EF1 46B4