Roy Johnson has asked for the wisdom of the Perl Monks concerning the following question:

I tried c.l.p.m. for this question, and was met with absolute silence. Good for meditating, not so good for getting the job done.

My task is to check the expiration dates of security certificates, so we'll know when we need to renew them. I'm not terribly SSL savvy, but this should be really basic, right?

Web searches pointed me to Net::SSLeay, which I'm wading through without getting a great understanding of what's important. I've built some code by example, and would appreciate some input from those with expertise, regarding:

Code:

use strict;
use warnings;
use Net::SSLeay qw(die_now die_if_ssl_error);

Net::SSLeay::load_error_strings();
Net::SSLeay::SSLeay_add_ssl_algorithms(); # Important!
Net::SSLeay::randomize();

my $cert_path = '/path/to/cert.pem';
my $key_path = '/path/to/notacakeynopass.pem';

my $ctx = Net::SSLeay::new_x_ctx() or die("Failed to create CTX $!");
Net::SSLeay::set_cert_and_key($ctx, $cert_path, $key_path);
my $ssl = Net::SSLeay::new($ctx) or die("Failed to create SSL $!");
my $cert = Net::SSLeay::dump_peer_certificate($ssl);
## Presumably, the expiration will be in here somewhere
print "Cert is ", length($cert), "bytes\n";
print $cert, "\n";

Re: Security certificate expiration dates
by jasonk (Parson) on Oct 28, 2003 at 23:36 UTC

    If you are using openssl, it is much easier to use the openssl binary to find out the expiration date rather than try to write your own code...

    # openssl x509 -enddate -noout < server.crt
    notAfter=May 20 22:51:53 2003 GMT

    We're not surrounded, we're in a target-rich environment!
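
Building on the openssl command in the reply above, this added example (not code from the thread) turns the `notAfter=` line into an OK / EXPIRING / EXPIRED verdict for renewal tracking. The function names and the 30-day default window are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. Usage (assumed): . ./certcheck.sh; check_cert server.crt 30

# Convert "notAfter=May 20 22:51:53 2003 GMT" (openssl x509 -enddate output)
# to seconds since the epoch. Uses only POSIX shell arithmetic, so it does
# not depend on GNU "date -d" (absent on BSD/macOS). Handles years >= 1970.
enddate_to_epoch() {
    set -- ${1#notAfter=}             # -> Mon DD HH:MM:SS YYYY GMT
    mon=$1 d=$2 hms=$3 y=$4
    case $mon in
        Jan) m=1;; Feb) m=2;; Mar) m=3;; Apr) m=4;; May) m=5;; Jun) m=6;;
        Jul) m=7;; Aug) m=8;; Sep) m=9;; Oct) m=10;; Nov) m=11;; Dec) m=12;;
        *) return 1;;                 # not a notAfter line we understand
    esac
    h=${hms%%:*}; s=${hms##*:}; mi=${hms#*:}; mi=${mi%:*}
    h=${h#0}; mi=${mi#0}; s=${s#0}    # "08" would otherwise parse as octal
    # Days since 1970-01-01, counting years from 1 March so that the
    # leap day falls at the end of the (shifted) year.
    y=$(( m <= 2 ? y - 1 : y ))
    mp=$(( m > 2 ? m - 3 : m + 9 ))
    yoe=$(( y % 400 ))
    doy=$(( (153 * mp + 2) / 5 + d - 1 ))
    days=$(( (y / 400) * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468 ))
    echo $(( days * 86400 + h * 3600 + mi * 60 + s ))
}

# $1 = notAfter line, $2 = current time (epoch seconds), $3 = warning days.
classify() {
    end=$(enddate_to_epoch "$1") || return 2
    left=$(( end - $2 ))
    if [ "$left" -le 0 ]; then
        echo EXPIRED
    elif [ "$left" -le $(( $3 * 86400 )) ]; then
        echo EXPIRING
    else
        echo OK
    fi
}

# $1 = PEM certificate file, $2 = warning window in days (assumed default 30).
check_cert() {
    line=$(openssl x509 -enddate -noout -in "$1") || return 2
    classify "$line" "$(date +%s)" "${2:-30}"
}
```

When only a yes/no answer is needed, `openssl x509 -checkend SECONDS -noout -in FILE` reports the same thing through its exit status without any date parsing.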