* on the Thu, Feb 20, 2014 at 10:56:14AM -0800, Marc MERLIN wrote:
>> verify error:num=10:certificate has expired
>> notAfter=Jan 25 21:52:08 2014 GMT
>> ------------------------------------
>
> Thanks for catching that. Looks like when I was debugging my earlier
> problem ssl problem a couple months back, I put the wrong cert back in place.
You might find a tool that I wrote useful:
mike@glue:~$ sslScanner.pl --expires-within 7 merlins.org:465
IP Address Port Days Left Input Arg -> Cert Common Name
209.81.13.136 465 -25 merlins.org:465 -> merlins.org
mike@glue:~$
There would have been no output from the above command if the cert had
more than 7 days left on it. This makes it useful for adding to cron
for getting email alerts about certs which will expire soon.
I used port 465 because it only handles services that handle immediate
SSL on connect, and luckily you have that running.
It supports IPv6 too, and you can pass network ranges as well as
hostnames/ip addresses to check. You can get it here:
https://github.com/mikecardwell/sslScanner
--
Mike Cardwell https://grepular.com/ http://cardwellit.com/
OpenPGP Key 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4