@NiceRath
Last active October 14, 2024 20:26
Script to validate certificate of service
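#!/bin/bash

# Usage: pass the target hostname and, optionally, the port (default 443).
# Prints '1' if the certificate verifies and has at least MIN_DAYS_LEFT days left, else '0'.

if [ -z "$1" ]
then
  echo 'Provide the target hostname!'
  exit 1
fi

TARGET="$1"

if [ -z "$2" ]
then
  PORT='443'
else
  PORT="$2"
fi

# Enabled only after the argument checks, because 'set -u' would abort on an unset $1 or $2
set -euo pipefail

TIMEOUT=3
CA_PATH=/etc/ssl/certs
MIN_DAYS_LEFT=7

# Print a message to stderr and abort (exit code 3, distinct from the check results below)
error() {
  echo "$1" >&2
  exit 3
}

# Get certificate
# s_client completes the handshake even if verification fails (no -verify_return_error is set),
# so the verification result is read from the 'Verify return code' line further down.
cert="$(timeout "$TIMEOUT" openssl s_client -CApath "$CA_PATH" -servername "$TARGET" -verify_hostname "$TARGET" -connect "$TARGET":"$PORT" </dev/null 2>/dev/null )"

# Run checks

# Check 1: certificate must not expire within MIN_DAYS_LEFT days (exit code 1)
expire_date="$(echo "$cert" | openssl x509 -noout -dates | grep '^notAfter' | cut -d'=' -f2 )"
expire_date_epoch=$(date -d "$expire_date" +%s) || error "Failed to get expire date"
current_date_epoch=$(date +%s)
days_left=$(( (expire_date_epoch - current_date_epoch)/(3600 * 24) ))

if (( days_left < MIN_DAYS_LEFT ))
then
  echo '0'
  exit 1
fi

# Check 2: chain and hostname verification must have returned code 0 (exit code 2)
# awk splits on whitespace, so the line is parsed correctly whether or not it is indented
# (TLS 1.2 prints it indented inside the SSL-Session block); only the first match is used.
verified="$(echo "$cert" | awk '/Verify return code:/ && !seen {print $4; seen=1}')"

if [[ "$verified" != "0" ]]
then
  echo '0'
  exit 2
fi

echo '1'
exit 0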