This command will list certificates with dates.

keytool -list -v -keystore /path to file/truststore-sit.jks -storepass "password" | grep -e "Alias" -e "Valid" | grep 'until:' | sed 's/^.*until: //'

Output

Wed Feb 15 11:23:46 IST 2023
Thu Jun 22 05:29:59 IST 2023
Sun Oct 02 05:29:59 IST 2033
Mon Feb 12 05:29:59 IST 2024

I need to write a shell script where it can list certificates with dates and comapare them with today's date and list expired certificate and store them a file.

#!/bin/bash
#set -eux
date1=$(keytool -list -v -keystore /path to file/truststore-sit.jks -storepass "password" | grep -e "Alias" -e "Valid" | grep 'until:' | sed 's/^.*until: //')
echo "certificate with date"
$date1

now=$(date  %s)
cond=$(date -d $date1"  %s)

if [ $now -ge  $cond ]
then
    echo True
else
  echo "false"
fi

I need to list the certificates and compare each certificate's date (the 4 dates as mentioned above) with today's date and list only expired certifacte and send a mail message.

CodePudding user response：

Here's an awk for listing the expired certificates from the output of keytool -list -v. Because it's a simple comparison, you don't even need to convert the dates to epoch (which can also be done with any POSIX awk, as long as the dates are in the UTC timezone):

keytool -list -v ... |

awk -F ' (name|from|until): ' -v now="$(date  %Y%m%d%H%M%S)" '

    $1 == "Alias" { alias_name = $2 }

    $1 == "Valid" {

        # $3 -> "Mon Dec 31 14:10:36 UTC 2040"

        split($3,a,/[ :]/)
        a[2] = sprintf("d", (index("JanFebMarAprMayJunJulAugSepOctNovDec",a[2])   2) / 3)

        date = a[8] a[2] a[3] a[4] a[5] a[6]
        if (date <= now)
            print alias_name
    }
'

CodePudding user response：

Here's a quick solution that I came up with that should give you a start:

#!/usr/bin/env bash

keystore="$1"
storepass="$2"
now=$(date  %s)

keytool -list -v -keystore "$keystore" -storepass "$storepass" |
  sed -nr 's/^Alias name:\s*(.*)$/\1/p;s/Valid from:.*until: *(.*)/\1/p' |
  paste - - |
  while IFS=$'\t' read -r alias expires ; do
    expires_at=$(date -d "$expires"  %s)
    if ((expires_at < now)) ; then
      echo -e "$expires\t$alias"
    fi
  done

Just run that script with the keystone file as the first parameter and the password as the second and you should get output similar to:

Tue Apr 06 03:29:40 EDT 2021    debian:sonera_class_2_root_ca.pem
Thu Dec 08 06:10:28 EST 2022    debian:staat_der_nederlanden_ev_root_ca.pem
Wed Mar 25 07:03:10 EDT 2020    debian:staat_der_nederlanden_root_ca_-_g2.pem
Thu Jun 23 20:16:12 EDT 2022    debian:visa_ecommerce_root.pem