awk — Certificate Parsing

Extract certificate expiry date

openssl x509 -enddate -noout -in cert.pem | awk -F= '{print $2}'

Days until certificate expiry

openssl x509 -enddate -noout -in cert.pem | awk -F= '{cmd="date -d \""$2"\" +%s"; cmd|getline exp; close(cmd); print int((exp-systime())/86400), "days"}'

Check remote server certificate expiry

echo | openssl s_client -connect host:443 2>/dev/null | openssl x509 -noout -enddate | awk -F= '{print $2}'

Batch remote certificate check — multiple hosts

for h in host1 host2 host3; do
    echo -n "$h: "
    echo | openssl s_client -connect "$h":443 2>/dev/null | openssl x509 -noout -enddate | awk -F= '{print $2}'
done

Parse certificate chain — show subject and issuer per cert

openssl crl2pkcs7 -nocrl -certfile chain.pem | openssl pkcs7 -print_certs -noout | awk '/subject=|issuer=/{print}'

Find certificates expiring within 30 days

find /etc/ssl/certs -name "*.pem" -type f 2>/dev/null | while read cert; do
    openssl x509 -in "$cert" -noout -enddate 2>/dev/null
done | awk -F= '{
    cmd="date -d \""$2"\" +%s"; cmd|getline exp; close(cmd)
    days=int((exp-systime())/86400)
    if(days < 30) printf "WARNING: %d days — %s\n", days, $2
}'