Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

JSON output option added #103

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 13 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ ssl-cert-check is a Bourne shell script that can be used to report on expiring S
# Usage:
<pre>
$ ./ssl-cert-check
Usage: ./ssl-cert-check [ -e email address ] [ -E sender email address ] [ -x days ] [-q] [-a] [-b] [-h] [-i] [-n] [-N] [-v]
Usage: ./ssl-cert-check [ -e email address ] [ -E sender email address ] [ -x days ] [-q] [-a] [-b] [-h] [-i] [-j] [-n] [-N] [-v]
{ [ -s common_name ] && [ -p port] } || { [ -f cert_file ] } || { [ -c cert file ] } || { [ -d cert dir ] }"

-a : Send a warning message through E-mail
Expand All @@ -17,6 +17,7 @@ Usage: ./ssl-cert-check [ -e email address ] [ -E sender email address ] [ -x da
-f cert file : File with a list of FQDNs and ports
-h : Print this screen
-i : Print the issuer of the certificate
-j : Print each line as a JSON object
-k password : PKCS12 file password
-n : Run as a Nagios plugin
-N : Run as a Nagios plugin and output one line summary (implies -n, requires -f or -d)
Expand Down Expand Up @@ -61,6 +62,17 @@ Send an e-mail to [email protected] if a domain listed in ssldomains will expir
$ ssl-cert-check -a -f ssldomains -q -x 60 -e [email protected]
</pre>

Print the expiration times as JSONL (every line is a separate JSON document):

<pre>
$ ssl-cert-check -j -f ssldomains
{"host":"www.prefetch.com","port":"443","status":"Unable to resolve the DNS name www.prefetch.com","expires":"Unknown","days":""}
{"host":"mail.prefetch.net","port":"993","status":"Unable to resolve the DNS name mail.prefetch.net","expires":"Unknown","days":""}
{"host":"gmail.google.com","port":"443","status":"Valid","expires":"May 18 15:36:55 2021 GMT","days":"59"}
{"host":"www.sun.com","port":"443","status":"Expired","expires":"","days":"-2459294"}
{"host":"www.spotch.com","port":"443","status":"Valid","expires":"Apr 24 11:04:05 2021 GMT","days":"35"}
</pre>

# Additional Documentation

Documentation And Examples: http://prefetch.net/articles/checkcertificate.html
31 changes: 25 additions & 6 deletions ssl-cert-check
Original file line number Diff line number Diff line change
Expand Up @@ -305,6 +305,9 @@ NAGIOS="FALSE"
# Don't summarize Nagios output by default (cmdline: -N)
NAGIOSSUMMARY="FALSE"

# Don't print each line as a JSON object by default (cmdline: -j)
JSONL="FALSE"

# NULL out the PKCSDBPASSWD variable for later use (cmdline: -k)
PKCSDBPASSWD=""

Expand Down Expand Up @@ -498,23 +501,34 @@ prints()

if [ "${QUIET}" != "TRUE" ] && [ "${ISSUER}" = "TRUE" ] && [ "${VALIDATION}" != "TRUE" ]; then
MIN_DATE=$(echo "$4" | "${AWK}" '{ printf "%3s %2d %4d", $1, $2, $4 }')
if [ "${NAGIOS}" = "TRUE" ]; then
if [ "${JSONL}" = "TRUE" ]; then
echo "{\"host\":\"$1\",\"port\":\"$2\",\"issuer\":\"$6\",\"status\":\"$3\",\"expires\":\"$4\",\"days\":\"$5\"}"
elif [ "${NAGIOS}" = "TRUE" ]; then
${PRINTF} "%-35s %-17s %-8s %-11s %s\n" "$1:$2" "$6" "$3" "$MIN_DATE" "|days=$5"
else
${PRINTF} "%-35s %-17s %-8s %-11s %4d\n" "$1:$2" "$6" "$3" "$MIN_DATE" "$5"
fi
elif [ "${QUIET}" != "TRUE" ] && [ "${ISSUER}" = "TRUE" ] && [ "${VALIDATION}" = "TRUE" ]; then
${PRINTF} "%-35s %-35s %-32s %-17s\n" "$1:$2" "$7" "$8" "$6"

if [ "${JSONL}" = "TRUE" ]; then
echo "{\"host\":\"$1\",\"port\":\"$2\",\"common_name\":\"$7\",\"serial\":\"$8\",\"issuer\":\"$6\"}"
else
${PRINTF} "%-35s %-35s %-32s %-17s\n" "$1:$2" "$7" "$8" "$6"
fi
elif [ "${QUIET}" != "TRUE" ] && [ "${VALIDATION}" != "TRUE" ]; then
MIN_DATE=$(echo "$4" | "${AWK}" '{ printf "%3s %2d, %4d", $1, $2, $4 }')
if [ "${NAGIOS}" = "TRUE" ]; then
if [ "${JSONL}" = "TRUE" ]; then
echo "{\"host\":\"$1\",\"port\":\"$2\",\"status\":\"$3\",\"expires\":\"$4\",\"days\":\"$5\"}"
elif [ "${NAGIOS}" = "TRUE" ]; then
${PRINTF} "%-47s %-12s %-12s %s\n" "$1:$2" "$3" "$MIN_DATE" "|days=$5"
else
${PRINTF} "%-47s %-12s %-12s %4d\n" "$1:$2" "$3" "$MIN_DATE" "$5"
fi
elif [ "${QUIET}" != "TRUE" ] && [ "${VALIDATION}" = "TRUE" ]; then
${PRINTF} "%-35s %-35s %-32s\n" "$1:$2" "$7" "$8"
if [ "${JSONL}" = "TRUE" ]; then
echo "{\"host\":\"$1\",\"port\":\"$2\",\"common_name\":\"$7\",\"serial\":\"$8\"}"
else
${PRINTF} "%-35s %-35s %-32s\n" "$1:$2" "$7" "$8"
fi
fi
}

Expand All @@ -526,6 +540,9 @@ prints()
####################################################
print_heading()
{
if [ "${JSONL}" = "TRUE" ]; then
return
fi
if [ "${NOHEADER}" != "TRUE" ]; then
if [ "${QUIET}" != "TRUE" ] && [ "${ISSUER}" = "TRUE" ] && [ "${NAGIOS}" != "TRUE" ] && [ "${VALIDATION}" != "TRUE" ]; then
${PRINTF} "\n%-35s %-17s %-8s %-11s %-4s\n" "Host" "Issuer" "Status" "Expires" "Days"
Expand Down Expand Up @@ -627,6 +644,7 @@ usage()
echo " -f cert file : File with a list of FQDNs and ports"
echo " -h : Print this screen"
echo " -i : Print the issuer of the certificate"
echo " -j : Print each line as a JSON object"
echo " -k password : PKCS12 file password"
echo " -n : Run as a Nagios plugin"
echo " -N : Run as a Nagios plugin and output one line summary (implies -n, requires -f or -d)"
Expand Down Expand Up @@ -804,7 +822,7 @@ check_file_status() {
#################################
### Start of main program
#################################
while getopts abc:d:e:E:f:hik:nNp:qs:St:Vx: option
while getopts abc:d:e:E:f:hijk:nNp:qs:St:Vx: option
do
case "${option}" in
a) ALARM="TRUE";;
Expand All @@ -817,6 +835,7 @@ do
h) usage
exit 1;;
i) ISSUER="TRUE";;
j) JSONL="TRUE";;
k) PKCSDBPASSWD=${OPTARG};;
n) NAGIOS="TRUE";;
N) NAGIOS="TRUE"
Expand Down