SSL checking CLI and BASH scripts

How to check when will expired SSL certificate by domain?

Using CLI:

openssl

~ # echo | openssl s_client -servername elitarno.com -connect elitarno.com:443 2>/dev/null | openssl x509 -noout -dates

notBefore=Oct 6 00:00:00 2019 GMT
notAfter=Oct 5 12:00:00 2020 GMT

curl

~ # curl --insecure -v https://elitarno.com 2>&1 | awk 'BEGIN { cert=0 } /^* SSL connection/ { cert=1 } /^*/ { if (cert) print }'

  • SSL connection using TLSv1.2 / DHE-RSA-AES256-GCM-SHA384
  • ALPN, server accepted to use h2
  • Server certificate:
  • subject: CN=elitarno.com
  • start date: Oct 6 00:00:00 2019 GMT
  • expire date: Oct 5 12:00:00 2020 GMT
  • issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=Encryption Everywhere DV TLS CA - G2
  • SSL certificate verify ok.
  • Using HTTP2, server supports multi-use
  • Connection state changed (HTTP/2 confirmed)
  • Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
  • Using Stream ID: 1 (easy handle 0x5571ee7f4f50)
  • Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
  • Connection #0 to host elitarno.com left intact

Using Bash script:

https://gist.github.com/cgmartin/49cd0aefe836932cdc96

Zabbix SSL monitoring:

https://www.zabbix.com/forum/zabbix-cookbook/380485-ssl-monitoring-with-zabbix

Have You More questions? Please be free to ask us your questions in the
Dzhumaiev.Slack.com channel 🙂