This script retrieves the certificate of the site you target:
#!/bin/sh # # usage: retrieve-cert.sh remote.host.name [port] # REMHOST=$1 REMPORT=${2:-443} echo |\ openssl s_client -connect ${REMHOST}:${REMPORT} 2>&1 |\ sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
This script checks a list of sites for their expire date:
#!/bin/sh # for CERT in \ www.yourdomain.com:443 \ ldap.yourdomain.com:636 \ imap.yourdomain.com:993 \ do echo |\ openssl s_client -connect ${CERT} 2>/dev/null |\ sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' |\ openssl x509 -noout -subject -dates done