After Heartbleed and generating lots of different new certificates I searched for a tool that sends me an alert when a certificate is about to expire. Basically I need an automatic check of expiration date of certificates. My requirements were
- daily checks;
- notification by email;
- check for certificates on internal and external network;
- check for certificates on non-web service (imap, pop, …).
There are a couple of tools that cover part of my requirements but not one tool that did everything that I needed. So I made it myself.
Check Expiration Date of SSL certificates
ceds.py is a python script that reads a file as input (ceds.checks) and does a SSL check on every host listed in the file. The script has a couple of inline configuration parameters.
servers_to_check = "ceds.checks" alert_days = 5 mail_rcpt = "<>" mail_from = "<>" mail_server = "localhost"
- servers_to_check : the file with the hosts to check;
- alert_days : how days before expiration to send an alert;
- mail_rcpt : sender of the alert;
- mail_from : receiver of the alert;
- mail_server server to use to send the alert.
The script is available on Github, download the raw version at https://raw.githubusercontent.com/cudeso/tools/master/ceds.py.
Ideally you run this script from cron.
30 12 * * * user /home/user/tools/ceds.py > /dev/null 2>&1