Thursday, November 20, 2008

Monitoring SSL certificate expiration date

OK, last night I had the embarrassment of by my boss discovering that I did not renew the SSL certificate of a web site we run before the expiration date. But, more than the embarrassment, I felt stupid for not setting up a way to monitor the SSL certificates of our web sites and having a facility that would hammer me as the certificate expiration day get closer.

After bit of research, I found that I could have run openssl command below via a cron from anywhere in my network and monitor it:

openssl s_client -connect hostname:443 < /dev/null 2>&1 | openssl x509 -noout -enddate


Oh, well.

No comments: