This short post is for sysadmins who want to monitor SSL certificates (in Nagios, for example), or simply view their expiration dates and other details from the console.
To see the expiration date, we use nmap:
nmap -p 443 --script ssl-cert www.dominioquesea.com
Output:
Starting Nmap 7.60 ( https://nmap.org ) at 2018-11-19 13:01 CET
Nmap scan report for dominioquesea.com (x.x.x.x)
Host is up (0.050s latency).
PORT    STATE SERVICE
443/tcp open  https
| ssl-cert: Subject: commonName=dominioquesea.com
| Subject Alternative Name: DNS:dominioquesea.com, DNS:dominioquesea.com
| Issuer: commonName=COMODO RSA Domain Validation Secure Server CA/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2018-11-19T00:00:00
| Not valid after:  2019-12-19T23:59:59
| MD5:   f9a5 d0be 54fe 6409 86aa cb99 2f3f 0575
|_SHA-1: e213 f74b 41a9 2a3d fbe5 398e 8fed 9708 9500 feb3
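curl prints the certificate details in its verbose output as well. The --insecure option skips certificate verification, so the details are shown even when the certificate does not validate:
curl --insecure -v https://www.google.com 2>&1 | awk 'BEGIN { cert=0 } /^\* SSL connection/ { cert=1 } /^\*/ { if (cert) print }'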
Output:
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification SKIPPED
* server certificate status verification SKIPPED
* common name: www.google.com (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: C=US,ST=California,L=Mountain View,O=Google Inc,CN=www.google.com
* start date: Wed, 24 May 2017 17:39:15 GMT
* expire date: Wed, 16 Aug 2017 17:13:00 GMT
* issuer: C=US,O=Google Inc,CN=Google Internet Authority G2
* compression: NULL
* ALPN, server accepted to use http/1.1
* Connection #0 to host www.google.com left intact
With openssl, to print only the expiration date:
echo | openssl s_client -connect google.com:443 2>/dev/null | openssl x509 -noout -enddate
Output: notAfter=Jan 22 13:15:00 2019 GMT
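For the Nagios use case mentioned at the start, the notAfter line printed by the openssl command can be turned into a plugin-style check. This is an added example, not part of the original post: the function names and the 30/7-day thresholds are assumptions, and the date is parsed with integer arithmetic so the script does not depend on GNU `date -d`.

```shell
#!/bin/sh
# Added example: Nagios-style check on top of `openssl x509 -noout -enddate`.
# Exit status follows the Nagios plugin convention:
# 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.

# Turn "notAfter=Jan 22 13:15:00 2019 GMT" into Unix epoch seconds (UTC).
notafter_to_epoch() {
    set -- ${1#notAfter=}          # word-split: Mon DD HH:MM:SS YYYY GMT
    [ $# -ge 4 ] || return 1
    case $1 in
        Jan) m=1 ;; Feb) m=2 ;; Mar) m=3 ;; Apr) m=4 ;; May) m=5 ;; Jun) m=6 ;;
        Jul) m=7 ;; Aug) m=8 ;; Sep) m=9 ;; Oct) m=10 ;; Nov) m=11 ;; Dec) m=12 ;;
        *) return 1 ;;
    esac
    d=$2 y=$4 hh=${3%%:*} rest=${3#*:}
    mm=${rest%%:*} ss=${rest#*:}
    # Strip one leading zero: "08" would otherwise be read as invalid octal.
    hh=${hh#0} mm=${mm#0} ss=${ss#0} d=${d#0}
    # Days since 1970-01-01 (civil-date algorithm, year counted from March).
    if [ "$m" -le 2 ]; then y=$((y - 1)); fi
    mp=$(( (m + 9) % 12 ))
    yoe=$((y % 400))
    doy=$(( (153 * mp + 2) / 5 + d - 1 ))
    days=$(( y / 400 * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468 ))
    echo $(( days * 86400 + hh * 3600 + mm * 60 + ss ))
}

# check_cert_expiry NOTAFTER_LINE NOW_EPOCH [WARN_DAYS] [CRIT_DAYS]
# Thresholds default to 30 and 7 days (assumed values, adjust to taste).
check_cert_expiry() {
    end=$(notafter_to_epoch "$1") || { echo "UNKNOWN - cannot parse: $1"; return 3; }
    left=$(( (end - $2) / 86400 ))
    if [ "$end" -le "$2" ]; then
        echo "CRITICAL - certificate has expired"; return 2
    elif [ "$left" -lt "${4:-7}" ]; then
        echo "CRITICAL - $left days left"; return 2
    elif [ "$left" -lt "${3:-30}" ]; then
        echo "WARNING - $left days left"; return 1
    fi
    echo "OK - $left days left"
}

# Constructed sample: the notAfter line shown above, checked as if on 2019-01-01 UTC.
check_cert_expiry "notAfter=Jan 22 13:15:00 2019 GMT" 1546300800 || echo "exit status: $?"
# Live use (needs network):
#   check_cert_expiry "$(echo | openssl s_client -connect google.com:443 2>/dev/null \
#       | openssl x509 -noout -enddate)" "$(date +%s)"
```

If the connection fails, openssl prints nothing and the check returns UNKNOWN (3) rather than a misleading OK.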