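#!/bin/bash
# Display the certificate in a PEM CA bundle that is the next one to expire.
#
# Usage:   <script> <path_to_ca_bundle>
# Needs:   GNU coreutils (csplit -z, date -d) and openssl.
# Output:  the text form of the soonest-expiring, not-yet-expired certificate.
# Returns: 0 when a certificate was displayed, non-zero on usage or any error.

# Check if a parameter has been supplied
if [[ $# -eq 0 || "$1" == "-h" ]]; then
  echo "Usage: $0 <path_to_ca_bundle>"
  echo "Displays the certificate that expires next in the provided CA bundle."
  echo "The path to the CA bundle must be the first parameter."
  exit 1
fi

bundle=$1

# Create a private temporary directory and make sure it is removed on every
# exit path, including errors and early exits.
tmpdir=$(mktemp -d) || {
  echo "Error: could not create a temporary directory" >&2
  exit 1
}
trap 'rm -rf -- "${tmpdir:?}"' EXIT

# Split the bundle into one file per certificate.
#   -s   do not print the byte count of every piece
#   -z   drop the empty piece produced when the bundle starts with a BEGIN line
#   --   a bundle path starting with '-' is not parsed as an option
# The path is quoted so that spaces or glob characters in it are kept intact.
if ! csplit -s -z -f "$tmpdir/cert-" -- "$bundle" \
    '/-----BEGIN CERTIFICATE-----/' '{*}'; then
  echo "Error: could not split CA bundle: $bundle" >&2
  exit 1
fi

# Initialize the minimum to a far-future sentinel. The comparison below is
# strict, so a certificate whose notAfter equals the sentinel is never picked.
min_date=$(date -d "9999-12-31 23:59:59" +%s)
# Current time in seconds since 1970-01-01 00:00:00 UTC
current_date=$(date +%s)
min_date_cert=
skipped=0

for cert in "$tmpdir"/cert-*; do
  # The glob stays literal when csplit produced no pieces.
  [[ -e "$cert" ]] || continue

  # Read the notAfter line; a piece that is not a parsable certificate
  # (leading comments, truncated PEM) is counted and skipped.
  if ! end_line=$(openssl x509 -enddate -noout -in "$cert" 2>/dev/null); then
    skipped=$((skipped + 1))
    continue
  fi
  end_date=${end_line#*=}

  # Convert the expiration date to seconds since the epoch
  if ! end_date_seconds=$(date -d "$end_date" +%s 2>/dev/null); then
    skipped=$((skipped + 1))
    continue
  fi

  # Keep the earliest expiry that is still in the future
  if (( end_date_seconds < min_date && end_date_seconds > current_date )); then
    min_date=$end_date_seconds
    min_date_cert=$cert
  fi
done

# Report skipped pieces so an incomplete scan is not mistaken for a full one.
if (( skipped > 0 )); then
  echo "Warning: $skipped entries could not be parsed and were ignored" >&2
fi

if [[ -z "$min_date_cert" ]]; then
  echo "Error: no unexpired certificate found in $bundle" >&2
  exit 1
fi

# Display the certificate that expires next
openssl x509 -noout -text -in "$min_date_cert"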