Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
X
X
xgyrfalconx2022-03-10 17:00:10
linux
xgyrfalconx, 2022-03-10 17:00:10

How to check the expiration date of all site certificates?

Good afternoon, please tell me, is it possible to display the dates of all site certificates using openssl?
At the moment I'm using

echo | openssl s_client -servername yandex.ru -connect yandex.ru:443 | openssl x509 -dates -nocert


But it displays the start and end date only for the yandex.ru certificate, and I want to see the dates of Yandex CA and Certum Trusted Network CA.

depth=2 C = PL, O = Unizeto Technologies SA, OU = Certum Certification Authority, CN = Certum Trusted Network CA
verify return:1
depth=1 C = RU, O = Yandex LLC, OU = Yandex Certification Authority, CN = Yandex CA
verify return:1
depth=0 C = RU, L = Moscow, OU = ITO, O = Yandex LLC, CN = yandex.ru
verify return:1
notBefore=Feb 17 07:32:21 2022 GMT
notAfter=Aug 16 00 :00:00 2022 GMT
DONE


You can find out the dates if you save each certificate from the chain into separate files and call it. But I would not want to save them all the time.
openssl x509 -in yandex.pem -dates -noout

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
X
xgyrfalconx, 2022-03-23
@xgyrfalconx

In general, I found the solution myself, the meaning of the script is to get each certificate separately and call "openssl x509" for each separately, if this helps someone in the future, I'll leave my python script here:

#!/usr/bin/python3

import re
import datetime
import sys
import traceback
from subprocess import PIPE, Popen, DEVNULL


def get_cert_dates(hostname):
    try:
        result = []
        certs = Popen('sudo openssl s_client -showcerts -verify_quiet -servername {0} -connect {0}:443'.format(hostname), shell=True,
                      stdout=PIPE, stdin=DEVNULL, stderr=PIPE).stdout.read().decode('utf-8')
        pattern = r'(-----BEGIN CERTIFICATE-----[\D\d]*?-----END CERTIFICATE-----)'
        for cert in re.findall(pattern, certs):
            data = Popen('echo "{}" |sudo openssl x509 -subject -dates -noout'.format(cert), shell=True, stdout=PIPE,
                         stderr=PIPE).stdout.read().decode('utf-8').split('\n')
            subject = re.search(r'CN\s*=\s*([\D\d]*?$)',
                                data[0]).group(1).strip().replace(' ', '_').replace("'", '')
            expiry_dt = datetime.datetime.strptime(re.search(r'notAfter\s*=\s*([\D\d]*?$)', data[2]).group(1),
                                                   '%b %d %H:%M:%S %Y %Z')
            expiry_ts = int(datetime.datetime.timestamp(expiry_dt))
            end = expiry_ts - int(datetime.datetime.timestamp(datetime.datetime.now()))
            result.append({'subject': subject, 'expiry_dt': expiry_dt, 'expiry_ts': expiry_ts, 'end': end})
        return result
    except:
        print(traceback.format_exc())


print(get_cert_dates('yandex.ru'))

Report
D
Dmitry, 2022-03-10
@q2digger

I use this script - https://github.com/Matty9191/ssl-cert-check , runs through the list of sites, generates an alert if the deadline is right.

Similar questions
J
jspie2017-08-23 14:20:00
How to get request response in Axios? 6Reply
D
Dmitry Kuznetsov2017-12-05 15:02:08
Why is the state not saved after page reload or are there other options? 1Reply
P
ProgerSoft2019-11-10 13:38:03
How to fix themes for GTK+ applications in Plasma Desktop? 1Reply
I
Ivan2017-06-10 19:55:31
How to collect statistics correctly? 0Reply
R
Rex Veis2017-06-11 00:07:00
How to create a menu for Linux Ubuntu terminal? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question