Matty9191 / ssl-cert-check

Send notifications when SSL certificates are about to expire.
GNU General Public License v2.0

-d option works in 'mysterious ways' #97

Open franps opened 3 years ago

franps commented 3 years ago

Hey, how are you? A friend of mine found this code and I'm trying it to see if it fits the needs I have. I found the option to find certificate files and check them useful, but I have some issues using the option.

My directory: /tmp/ssltest

$ ls
testcert.pem  testcert2.pem

I found that when you use the -d option, if you point to the directory, you find both certificates:

$ ./ssl-cert-check -d /tmp/ssltest/

Host                                            Status       Expires      Days
----------------------------------------------- ------------ ------------ ----
FILE:/tmp/ssltest//testcert.pem                 Expiring     Sep 12, 2020   12
FILE:/tmp/ssltest//testcert2.pem                Expiring     Sep  1, 2020    1 

If you use *.pem, it finds the first file and stops searching:

./ssl-cert-check -d /tmp/ssltest/*.pem

Host                                            Status       Expires      Days
----------------------------------------------- ------------ ------------ ----
FILE:/tmp/ssltest/testcert.pem                  Expiring     Sep 12, 2020   12

I assume this behavior is not the expected one. But if pointing to the directory was my workaround, I had no problem with that. Then I tried having more files in the directory /tmp/ssltest; I created a txt file:

$ ls
test.txt      testcert.pem  testcert2.pem

But when I tried searching for certificates in the directory, the script tried to read the txt and failed.

$ ./ssl-cert-check -d /tmp/ssltest/
Host                                            Status       Expires      Days
----------------------------------------------- ------------ ------------ ----
FILE:/tmp/ssltest//testcert.pem                 Expiring     Sep 12, 2020   12
unable to load certificate
4536331884:error:09FFF06C:PEM routines:CRYPTO_internal:no start line:/AppleInternal/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-47.140.1/libressl-2.8/crypto/pem/pem_lib.c:684:Expecting: TRUSTED CERTIFICATE
unable to load certificate
4755144300:error:09FFF06C:PEM routines:CRYPTO_internal:no start line:/AppleInternal/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-47.140.1/libressl-2.8/crypto/pem/pem_lib.c:684:Expecting: TRUSTED CERTIFICATE
unable to load certificate
4533202540:error:09FFF06C:PEM routines:CRYPTO_internal:no start line:/AppleInternal/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-47.140.1/libressl-2.8/crypto/pem/pem_lib.c:684:Expecting: TRUSTED CERTIFICATE
unable to load certificate
4610739820:error:09FFF06C:PEM routines:CRYPTO_internal:no start line:/AppleInternal/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-47.140.1/libressl-2.8/crypto/pem/pem_lib.c:684:Expecting: TRUSTED CERTIFICATE
FILE:/tmp/ssltest//test.txt                     Expired           0,    0 -2459093
FILE:/tmp/ssltest//testcert2.pem                Expiring     Sep  1, 2020    1

Am I using it wrong? The example in the readme file used the *.pem, but I couldn't make it check all the certs in the directory.

niv-amar commented 1 year ago

I have the same issue... Has someone already solved it?

franps commented 1 year ago

I don't remember much of this, but I do remember I ended up coding a horrible script for Nagios (I needed to use Nagios at the time). The code to search all the certs works fine (I think), but the Nagios alerting I remember was pretty bad. https://github.com/franps/nagios-cryppy

Hope it helps!
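
A likely explanation for the `*.pem` result reported above, as an added example that is not part of the thread or of ssl-cert-check: the shell expands an unquoted glob before the script starts, so an option that takes one argument receives only the first match. The sketch also filters a directory by PEM header so a file like test.txt is skipped; `parse_d`, `list_pem_certs` and `make_sample_dir` are hypothetical helpers, the sample files are constructed placeholders, and it assumes `-d` takes exactly one argument.

```shell
#!/bin/sh
# Added illustration. parse_d, list_pem_certs and make_sample_dir are
# hypothetical helpers, not functions from ssl-cert-check.

# Assumption: -d takes exactly one argument.
# Prints "<value of -d>|<number of leftover arguments>".
parse_d() {
    OPTIND=1
    dir_arg=""
    while getopts "d:" opt; do
        case "$opt" in
            d) dir_arg=$OPTARG ;;
            *) return 2 ;;
        esac
    done
    shift $((OPTIND - 1))
    printf '%s|%s\n' "$dir_arg" "$#"
}

# Print only the regular files in directory $1 that carry a PEM certificate
# header, so unrelated files such as test.txt never reach openssl.
list_pem_certs() {
    for f in "${1%/}"/*; do
        [ -f "$f" ] || continue
        if grep -Eq '^-----BEGIN (TRUSTED )?CERTIFICATE-----' "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Constructed sample directory: two placeholder PEM files and one text file.
make_sample_dir() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed-placeholder' \
        '-----END CERTIFICATE-----' > "$tmp/testcert.pem"
    cp "$tmp/testcert.pem" "$tmp/testcert2.pem"
    echo 'not a certificate' > "$tmp/test.txt"
    printf '%s\n' "$tmp"
}

demo=$(make_sample_dir)
echo "glob:      $(parse_d -d "$demo"/*.pem)"   # -d gets one path, 1 left over
echo "directory: $(parse_d -d "$demo/")"        # -d gets the directory, 0 left over
list_pem_certs "$demo"                          # lists the two .pem files only
rm -rf "$demo"
```

Quoting the pattern (`-d '/tmp/ssltest/*.pem'`) would pass it through unexpanded, but whether the script then expands it itself is not shown in this thread.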