
[Bash] Getting information about the server certificates configured in Nginx with a shell script

Posted at 2017-07-07

Something like this:

chk-certificates.sh
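#!/bin/bash
# LF holds backslash + newline, the portable way to write a newline in a sed replacement
LF=$(printf '\\\012_')
LF=${LF%_}
TAB=$'\t'

# Collect unique "conf-file certificate-path" pairs from every ssl_certificate directive.
# grep -H always prints the file name (even with a single .conf file), and only the
# first ':' (the file name separator) is turned into a space so the fields stay apart.
_ssl_keys=$(find /etc/nginx/conf.d/ -type f -name '*.conf' -print0 | xargs -0 grep -H ssl_certificate | grep -v ssl_certificate_key | sed -e 's/:/ /' -e 's/[#;]//g' | sort | uniq | awk '{print $1,$3}')
IFS=$LF
for _ssl_key in ${_ssl_keys}; do
  _conf_file=$(echo "${_ssl_key}" | awk '{print $1}')
  _cert_key=$(echo "${_ssl_key}" | awk '{print $2}')
  if [ -f "${_cert_key}" ]; then
    echo "Conf : ${TAB}${_conf_file}"
    echo "Key : ${TAB}${_cert_key}"
    # -noout keeps the PEM body out of the output, so the greps only see decoded fields
    # Subject line
    openssl x509 -in "${_cert_key}" -noout -text | grep 'Subject:' | sed "s/^[${TAB} ][${TAB} ]*//g" | awk -F: '{print $1" : ",$2}'
    # Subject Alternative Names, one DNS entry per line
    openssl x509 -in "${_cert_key}" -noout -text | grep 'DNS' | sed 's/,/'"$LF"'/g' | sed "s/^[${TAB} ][${TAB} ]*//g" | awk -F: '{print $1" : ",$2}'
    # Validity period (Not Before / Not After)
    openssl x509 -in "${_cert_key}" -noout -text | grep 'Not \(Before\|After\)' | sed 's/Not \(Before\|After \):/\1,/g' | sed "s/^[${TAB} ][${TAB} ]*//g" | awk -F, '{print $1" : ",$2}'
    echo
  fi
done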

Execution result

# bin/chk-certificates.sh 
Conf :  /etc/nginx/conf.d/dogmap.jp-ssl.conf
Key :   /etc/letsencrypt/live/dogmap.jp/fullchain.pem
Subject :   CN=dogmap.jp
DNS :  dogmap.jp
DNS :  www.dogmap.jp
Before :   Jun 11 15:00:00 2017 GMT
After  :   Sep  9 15:00:00 2017 GMT

Conf :  /etc/nginx/conf.d/dogmap.jp-ssl.conf
Key :   /etc/letsencrypt/live/www.dogmap.jp/fullchain.pem
Subject :   CN=www.dogmap.jp
DNS :  www.dogmap.jp
Before :   May  7 15:00:00 2017 GMT
After  :   Aug  5 15:00:00 2017 GMT

Conf :  /etc/nginx/conf.d/lab.dogmap.jp-ssl.conf
Key :   /etc/letsencrypt/live/lab.dogmap.jp/fullchain.pem
Subject :   CN=lab.dogmap.jp
DNS :  lab.dogmap.jp
Before :   May 21 15:00:00 2017 GMT
After  :   Aug 19 15:00:00 2017 GMT

Conf :  /etc/nginx/conf.d/lets.ninja-ssl.conf
Key :   /etc/letsencrypt/live/lets.ninja/fullchain.pem
Subject :   CN=lets.ninja
DNS :  lets.ninja
Before :   May 14 15:00:00 2017 GMT
After  :   Aug 12 15:00:00 2017 GMT

Conf :  /etc/nginx/conf.d/lets.ninja-ssl.conf
Key :   /etc/letsencrypt/live/www.lets.ninja/fullchain.pem
Subject :   CN=www.lets.ninja
DNS :  www.lets.ninja
Before :   May  7 15:00:00 2017 GMT
After  :   Aug  5 15:00:00 2017 GMT

Conf :  /etc/nginx/conf.d/shot.dogmap.jp-ssl.conf
Key :   /etc/letsencrypt/live/shot.dogmap.jp/fullchain.pem
Subject :   CN=shot.dogmap.jp
DNS :  shot.dogmap.jp
Before :   May 21 15:00:00 2017 GMT
After  :   Aug 19 15:00:00 2017 GMT

Conf :  /etc/nginx/conf.d/test.dogmap.jp-ssl.conf
Key :   /etc/letsencrypt/live/test.dogmap.jp/fullchain.pem
Subject :   CN=test.dogmap.jp
DNS :  test.dogmap.jp
Before :   May 21 15:00:00 2017 GMT
After  :   Aug 19 15:00:00 2017 GMT

On AWS, if you run this periodically with EC2 Run Command and store the information somewhere, managing the expiration dates becomes easy too.
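
For the expiry management mentioned above, the saved output can be filtered for certificates that are close to their "After" date. This is an added example, not part of the original article; the function name `expiring_certs`, its two arguments and the sample report (copied from the output format shown under the execution result) are assumptions of this example.

```bash
#!/bin/bash
# Added example (not from the original article). Reads saved chk-certificates.sh
# output on stdin and prints "<days left><TAB><certificate path>" for each
# certificate whose "After" date is at most <threshold_days> away.
# usage: expiring_certs [threshold_days] [now_epoch]   (names are this example's own)
expiring_certs() {
  awk -v limit="${1:-30}" -v now="${2:-$(date +%s)}" '
    # Days from 1970-01-01 to a Gregorian calendar date, so no GNU date -d is needed
    function days_from_civil(y, m, d,    era, yoe, doy) {
      if (m <= 2) y -= 1
      era = int(y / 400); yoe = y - era * 400
      doy = int((153 * (m + (m > 2 ? -3 : 9)) + 2) / 5) + d - 1
      return era * 146097 + yoe * 365 + int(yoe / 4) - int(yoe / 100) + doy - 719468
    }
    BEGIN {
      n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", name, " ")
      for (i = 1; i <= n; i++) month[name[i]] = i
    }
    $1 == "Key" { path = $3 }                # Key :   /path/to/fullchain.pem
    $1 == "After" && ($3 in month) {         # After  :   Sep  9 15:00:00 2017 GMT
      split($5, t, ":")
      end = days_from_civil($6, month[$3], $4) * 86400 + t[1] * 3600 + t[2] * 60 + t[3]
      left = (end - now) / 86400
      left = (left < int(left)) ? int(left) - 1 : int(left)   # floor: expired certs go negative
      if (left <= limit) printf "%d\t%s\n", left, path
    }'
}

# Constructed sample: two records in the format shown under the execution result
SAMPLE_REPORT='Conf :  /etc/nginx/conf.d/dogmap.jp-ssl.conf
Key :   /etc/letsencrypt/live/dogmap.jp/fullchain.pem
Subject :   CN=dogmap.jp
DNS :  dogmap.jp
Before :   Jun 11 15:00:00 2017 GMT
After  :   Sep  9 15:00:00 2017 GMT

Conf :  /etc/nginx/conf.d/dogmap.jp-ssl.conf
Key :   /etc/letsencrypt/live/www.dogmap.jp/fullchain.pem
Subject :   CN=www.dogmap.jp
DNS :  www.dogmap.jp
Before :   May  7 15:00:00 2017 GMT
After  :   Aug  5 15:00:00 2017 GMT'

# 1501545600 is 2017-08-01 00:00:00 UTC; only www.dogmap.jp (4 days left) is within 14 days
printf '%s\n' "$SAMPLE_REPORT" | expiring_certs 14 1501545600
```

Without arguments the function uses a 30-day threshold and the current time, so it can be fed directly from a file written by the scheduled run.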
