zbx-templates/Template App Nginx by Zabbix agent Enhanced/cert-check

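#!/bin/bash
#
# cert-check: connect to a TLS endpoint with `openssl s_client` and print one
# JSON object describing the certificate the server presents.
#
# Usage: cert-check HOST [PORT] [SNI] [STARTTLS_PROTO]
#   HOST            address to connect to
#   PORT            TCP port (default 443)
#   SNI             name sent as SNI and checked against the certificate
#                   (default: HOST)
#   STARTTLS_PROTO  optional protocol name handed to `s_client -starttls`
#
# Output (stdout), always exactly one line of valid JSON:
#   { "cert": BOOL, "valid_hostname": BOOL, "remaining_days": INT, "issuer": "STR"}
#   remaining_days is 0 for an already expired certificate and -1 when no
#   expiry date could be determined (including when no certificate was read).
#
# NOTE(security): the s_client verification result is never inspected here, so
# "cert": true only means that a certificate was presented. It does not mean
# the chain was validated against a trust store. Only the hostname match and
# the expiry date are checked.
#
# NOTE(review): presumably invoked by a Zabbix agent item with the arguments
# taken from the item key - confirm against the template. Every argument is
# passed to openssl as a single quoted word so that whitespace in a value can
# never turn into extra openssl options.

host=${1:-}
port=${2:-443}
sni=${3:-}
proto=${4:-}

# The name used for SNI and for the hostname check falls back to the host.
servername=${sni:-$host}

# Optional arguments are kept in an array instead of an unquoted string.
starttls=()
if [ -n "$proto" ]; then
  starttls=(-starttls "$proto")
fi

# Make a certificate-derived string safe to embed in a JSON string literal.
# The issuer comes from the remote server, i.e. it is untrusted input.
json_escape() {
  local s=$1
  s=${s//[[:cntrl:]]/}   # raw control characters are not allowed in JSON strings
  s=${s//\\/\\\\}        # backslash first, so later escapes are not doubled
  s=${s//\"/\\\"}
  printf '%s' "$s"
}

# Defaults guarantee well-formed JSON on every path, including "no certificate".
Rcert=false
Rhostname=false
Rdays=-1
Rissuer=""

cert_data=$(openssl s_client -servername "$servername" -host "$host" -port "$port" \
  "${starttls[@]}" -prexit </dev/null 2>/dev/null \
  | sed -n '/BEGIN CERTIFICATE/,/END CERT/p')

if [ -n "$cert_data" ]; then
  Rcert=true

  # Fail closed: the hostname counts as valid only when openssl positively
  # reports a match. Looking for the "does NOT match" message instead would
  # report success whenever openssl printed nothing at all (parse error,
  # build without -checkhost, ...).
  if printf '%s\n' "$cert_data" \
    | openssl x509 -checkhost "$servername" 2>/dev/null \
    | grep -Fq 'does match certificate'; then
    Rhostname=true
  fi

  end_date=$(printf '%s\n' "$cert_data" \
    | openssl x509 -dates -noout 2>/dev/null \
    | sed -n 's/ *notAfter=*//p')
  if [ -n "$end_date" ]; then
    end_date_seconds=$(date '+%s' --date "$end_date" 2>/dev/null)
    # Only digits may reach the arithmetic expansion below; an unparsable date
    # leaves remaining_days at -1 instead of being reported as "expired".
    if [[ "$end_date_seconds" =~ ^-?[0-9]+$ ]]; then
      now_seconds=$(date '+%s')
      remaining_days=$(( (end_date_seconds - now_seconds) / 86400 ))
      if [ "$remaining_days" -lt 0 ]; then
        Rdays=0
      else
        Rdays=$remaining_days
      fi
    fi
  fi

  issue_dn=$(printf '%s\n' "$cert_data" \
    | openssl x509 -issuer -noout 2>/dev/null \
    | sed -n 's/ *issuer=*//p')
  if [ -n "$issue_dn" ]; then
    # Quoted on purpose: the DN is remote data and must not be glob-expanded.
    Rissuer=$(printf '%s\n' "$issue_dn" \
      | sed -n -e 's/, CN = / - /g' -e 's/.*O = //p')
  fi
fi

printf '{ "cert": %s, "valid_hostname": %s, "remaining_days": %s, "issuer": "%s"}\n' \
  "$Rcert" "$Rhostname" "$Rdays" "$(json_escape "$Rissuer")"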