class Object
Constants
- AFTER
- BEFORE
- NOW
Check certificate expiration date
Public Instance Methods
days()
# File bin/check_certificate_chain, line 135
# Whole days between the constants NOW and AFTER, returned as a String.
#
# The difference is converted to an integer number of seconds, its sign is
# dropped with +abs+, and the result is integer-divided by the number of
# seconds in a day. Because of +abs+, the value alone does not say whether
# AFTER lies ahead of or behind NOW; callers have to establish that
# separately before wording an "expires in" / "expired since" message.
#
# NOTE(review): AFTER and NOW are defined outside this listing; presumably
# Time values (certificate not_after and the current time) - confirm.
def days
  seconds_per_day = 86_400
  seconds_apart = (AFTER - NOW).to_i.abs
  whole_days = seconds_apart / seconds_per_day
  whole_days.to_s
end
is_root?(certificate)
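# File bin/check_certificate_chain, line 99
# Decide whether +certificate+ has the shape of a root CA certificate.
#
# A certificate is reported as a root only when both conditions hold:
# * its signature verifies against its own public key (self-signed), and
# * its basicConstraints extension asserts CA:TRUE.
#
# This is a structural classification only. It does not establish that the
# certificate is a *trusted* root: anyone can mint a self-signed CA
# certificate, so trust still has to come from a trust-store lookup.
#
# certificate:: object responding to +exceptionless_verify+, +public_key+
#               and +extensions+. NOTE(review): +exceptionless_verify+ is
#               defined outside this listing; presumably a verify that
#               returns false instead of raising - confirm.
#
# Returns a falsy value when the certificate is not self-signed or is not
# marked as a CA, and +false+ when it carries no basicConstraints at all.
def is_root?(certificate)
  self_signed = certificate.exceptionless_verify certificate.public_key

  basic_constraints = certificate.extensions.find do |extension|
    extension.oid.eql?("basicConstraints")
  end
  return false if basic_constraints.nil?

  # The extension value is a comma-separated list such as
  # "CA:TRUE, pathlen:0". Splitting the whole string on ":" yields
  # "TRUE, pathlen" as the second field for that input, so a CA certificate
  # with a path-length constraint would never be recognised. Compare each
  # comma-separated field on its own instead.
  is_ca = basic_constraints.value.split(",").any? do |field|
    field.strip.eql?("CA:TRUE")
  end

  self_signed && is_ca
end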
long_output(chain_certificate, output)
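# File bin/check_certificate_chain, line 234
# Append a human-readable description of one chain certificate to
# +output[:data]+: common name, subject alternative names (when present),
# validity window, serial number, signature algorithm and issuer.
#
# chain_certificate:: object responding to +subject+, +issuer+,
#                     +extensions+, +not_before+, +not_after+, +serial+ and
#                     +signature_algorithm+ (presumably an
#                     OpenSSL::X509::Certificate - confirm against caller).
# output::            Hash whose +:data+ entry is an Array; lines are
#                     appended to it in place.
#
# Returns the +output[:data]+ array.
def long_output(chain_certificate, output)
  # NOTE(review): /CN=(.+)/ is greedy and captures everything after the
  # first "CN=", so any attributes printed after the CN in the
  # distinguished name end up in the reported name as well.
  output[:data] << "Common name: #{chain_certificate.subject.to_s[/CN=(.+)/, 1]}"

  sans = chain_certificate.extensions.find { |extension| extension.oid.eql?("subjectAltName") }
  unless sans.nil?
    # Strip only the literal "DNS:" type prefix. String#delete takes a
    # character set, so delete("DSN:") removed every "D", "S", "N" and ":"
    # from the host names themselves, and the operator was shown SANs that
    # differ from what the certificate actually covers.
    sans = sans.value.gsub("DNS:", "")
    output[:data] << "SANs: #{sans}"
  end

  output[:data] << chain_certificate.not_before.strftime("Valid from %B %-d, %Y ") +
                   chain_certificate.not_after.strftime("to %B %-d, %Y")
  output[:data] << "Serial Number: #{chain_certificate.serial.to_s(16).downcase}"
  output[:data] << "Signature Algorithm: #{chain_certificate.signature_algorithm}"
  output[:data] << "Issuer: #{chain_certificate.issuer.to_s[/CN=(.+)/, 1]}"
  # output[:long] << "---\n"
end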
ocsp_post(ocsp_uri, ocsp_request)
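# File bin/check_certificate_chain, line 163
# POST a DER-encoded OCSP request to the responder at +ocsp_uri+ and return
# the HTTP response object produced by Net::HTTP.
#
# ocsp_uri::     URI of the OCSP responder (host, port, path and scheme are
#                read from it).
# ocsp_request:: object responding to +to_der+ (presumably an
#                OpenSSL::OCSP::Request - confirm against caller).
#
# NOTE(review): this helper does not inspect the reply. The HTTP status and
# the signature on the OCSP response still have to be checked by the caller
# before the revocation status is trusted, especially for responders
# reached over plain http. Net::HTTP's default timeouts apply.
def ocsp_post(ocsp_uri, ocsp_request)
  # Responder URLs are often given without a path (e.g. "http://host");
  # Net::HTTP rejects an empty request path, so fall back to "/".
  request_path = ocsp_uri.path.to_s.empty? ? "/" : ocsp_uri.path
  headers = { "Content-Type" => "application/ocsp-request" }

  # Enable TLS only for https responders; http responders behave as before.
  Net::HTTP.start(ocsp_uri.host, ocsp_uri.port, use_ssl: ocsp_uri.scheme == "https") do |http|
    http.post request_path, ocsp_request.to_der, headers
  end
end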
usage()
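# File bin/check_certificate_chain, line 28
# Print the accepted command-line forms to standard output and terminate
# the process with exit status 1.
#
# The target may be given as "servername:host:port", "host:port" or "host".
# Per the notices printed below, an omitted servername means the host is
# used as the TLS SNI server name, and an omitted port means 443.
def usage
  # "TSL" in the original notice was a typo for "TLS".
  puts "Usage: script.rb servername:host:port",
       "Usage: script.rb host:port",
       "Usage: script.rb host",
       "Notice: if servername omitted, script takes host as TLS SNI servername",
       "Notice: if port is omitted script takes 443 as default"
  exit 1
end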