How to track the expiration date of a digital certificate when there are a lot of them?

I

Ivan Frolov2021-10-11 18:24:20

Digital certificates

Ivan Frolov, 2021-10-11 18:24:20

Good afternoon!

Please share your experience, who monitors the expiration dates of digital certificates?
The situation is this, in the office there are about 170-200 digital certificates, all issued at different times. Users do not particularly track when their certificate expires and the person who receives certificates for them remains the last, although he does not have the ability to constantly track the deadlines.
maybe someone knows a utility or program that imports .cer files and at least builds certificate data in an approximate tabular format.

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

K

ky0, 2021-10-11
@ky0

We have a similar problem perfectly solved by Zabbix with the appropriate template .

E

Eugene, 2021-10-11
@yellowmew

To monitor the validity of certificates, I use this simple script:

#!/bin/bash
#usage check-dates.sh `date in YYYYMMDD format`

for f in /certificates/*.cer
do
  date=$(openssl x509 -in $f -noout -enddate | sed 's/notAfter=//g')
  enddate=$(date -d "$date" +%Y%m%d)
  if (($enddate < "$1"))
  then
### your code here
  fi
done

in "your code" you can at least send letters with a list of certificates whose enddate meets your criteria
Or you can, using the openssl example, display a list of all certificates with enddate in csv and use it somehow differently

C

CityCat4, 2021-10-12
@CityCat4

Since I issue certificates, I have a banal calendar in the planner :) with tasks like "Update the certificate for Vasya Pupkin", "Update the certificate for Masha Siskina", and I actually see many employees once a year :)