authorGravatar Christian Hesse <mail@eworm.de>2019-01-12 00:04:53 +0100
committerGravatar Christian Hesse <mail@eworm.de>2019-01-12 00:04:53 +0100
commite62fbd248923162673a77112ef6836ad2e91583d (patch)
tree6aa5b854b436862b6ada0059078131c7ea2c8736
parent4ab9f9e7c82230547aedffbaf73b2c91ff268da7 (diff)
check-certificates: properly handle expired certificates
-rw-r--r--check-certificates15
1 files changed, 11 insertions, 4 deletions
diff --git a/check-certificates b/check-certificates
index 812b653..7ae33ab 100644
--- a/check-certificates
+++ b/check-certificates
@@ -18,7 +18,7 @@
}
}
-:foreach Cert in=[ / certificate find where !revoked expires-after<2w expires-after>0 ] do={
+:foreach Cert in=[ / certificate find where !revoked expires-after<2w ] do={
:local CertName [ / certificate get $Cert name ];
:local CommonName [ / certificate get $Cert common-name ];
:local FingerPrint [ / certificate get $Cert fingerprint ];
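Review bot: With `expires-after>0` dropped from the `find` filter, an expired certificate keeps matching on every run until it is renewed, revoked or removed. If the renewal attempt further down keeps failing, the on-error branch would presumably send the same notification each time the script is scheduled, which tends to bury other alerts. The intent should at least be stated above the loop, for example `# expired certificates match as well and keep matching until renewed, revoked or removed`. Consider whether repeat notifications for the same fingerprint should be suppressed. The `:foreach` body continues outside this hunk.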
@@ -65,18 +65,25 @@
"Validity: " . $InvalidBefore . " to " . $InvalidAfter);
:log info ("The certificate " . $CertName . " has been renewed.");
} on-error={
- :local ExpiresAfter [ / certificate get $Cert expires-after ];
:local InvalidBefore [ / certificate get $Cert invalid-before ];
:local InvalidAfter [ / certificate get $Cert invalid-after ];
:local Issuer [ $GetIssuerCN [ / certificate get $Cert issuer ] ];
+ :local State;
+ :if ([ / certificate get $Cert expired ] = true) do={
+ :set State "expired";
+ } else={
+ :set State "is about to expire";
+ }
+
$SendNotification ("Certificate warning!") \
- ("A certificate on " . $Identity . " is about to expire.\n\n" . \
+ ("A certificate on " . $Identity . " " . $State . ".\n\n" . \
"Name: " . $CertName . "\n" . \
"CommonName: " . $CommonName . "\n" . \
"Fingerprint: " . $FingerPrint . "\n" . \
"Issuer: " . $Issuer . "\n" . \
"Validity: " . $InvalidBefore . " to " . $InvalidAfter);
- :log warning ("The certificate " . $CertName . " is about to expire in " . $ExpiresAfter . ".");
+ :log warning ("The certificate " . $CertName . " " . $State . \
+ ", it is invalid after " . $InvalidAfter . ".");
}
}
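Review bot: An already-expired certificate is reported with the same subject `Certificate warning!` and the same `:log warning` severity as one that may still have up to two weeks left. A recipient or a log-based filter therefore cannot tell an outage-level condition from an early reminder without reading the body. Since `$State` is already decided in the `:if` just above, the severity could follow it, for instance `:log error (...)` for the expired case and `:log warning (...)` otherwise, or the subject could carry the state. The `:do` block that this `on-error` belongs to starts outside the hunk.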