authorGravatar Christian Hesse <mail@eworm.de>2020-04-24 14:26:00 +0200
committerGravatar Christian Hesse <mail@eworm.de>2020-04-24 14:38:29 +0200
commit85f9c5d62e3871f62775e7e8732bbe4bec940590 (patch)
tree672df69ad5d234d88e86f6895643007495e6688b /check-certificates
parent1e12c0e159e0968fa8be73cf240d77263f1aec2b (diff)
check-certificates: exclude issued certificates on SCEP server
Diffstat (limited to 'check-certificates')
-rw-r--r--check-certificates36
1 files changed, 20 insertions, 16 deletions
diff --git a/check-certificates b/check-certificates
index cd3b580..0964bde 100644
--- a/check-certificates
+++ b/check-certificates
@@ -100,21 +100,25 @@
:foreach Cert in=[ / certificate find where !revoked !scep-url expires-after<2w fingerprint~"." ] do={
:local CertVal [ / certificate get $Cert ];
- :local ExpiresAfter [ $FormatExpire ($CertVal->"expires-after") ];
- :local State "is about to expire";
- :if (($CertVal->"expired") = true) do={
- :set ExpiresAfter "expired";
- :set State "expired";
- }
+ :if ([ / certificate scep-server print count-only where ca-cert=($CertVal->"ca") ] > 0) do={
+ $LogPrintExit debug ("Certificate \"" . ($CertVal->"name") . "\" is handled by SCEP, skipping.") false;
+ } else={
+ :local ExpiresAfter [ $FormatExpire ($CertVal->"expires-after") ];
+ :local State "is about to expire";
+ :if (($CertVal->"expired") = true) do={
+ :set ExpiresAfter "expired";
+ :set State "expired";
+ }
- $SendNotification ("Certificate warning!") \
- ("A certificate on " . $Identity . " " . $State . ".\n\n" . \
- "Name: " . ($CertVal->"name") . "\n" . \
- "CommonName: " . ($CertVal->"common-name") . "\n" . \
- "Fingerprint: " . ($CertVal->"fingerprint") . "\n" . \
- "Issuer: " . ($CertVal->"ca") . ([ $ParseKeyValueStore ($CertVal->"issuer") ]->"CN") . "\n" . \
- "Validity: " . ($CertVal->"invalid-before") . " to " . ($CertVal->"invalid-after") . "\n" . \
- "Expires in: " . $ExpiresAfter);
- $LogPrintExit warning ("The certificate " . ($CertVal->"name") . " " . $State . \
- ", it is invalid after " . ($CertVal->"invalid-after") . ".") false;
+ $SendNotification ("Certificate warning!") \
+ ("A certificate on " . $Identity . " " . $State . ".\n\n" . \
+ "Name: " . ($CertVal->"name") . "\n" . \
+ "CommonName: " . ($CertVal->"common-name") . "\n" . \
+ "Fingerprint: " . ($CertVal->"fingerprint") . "\n" . \
+ "Issuer: " . ($CertVal->"ca") . ([ $ParseKeyValueStore ($CertVal->"issuer") ]->"CN") . "\n" . \
+ "Validity: " . ($CertVal->"invalid-before") . " to " . ($CertVal->"invalid-after") . "\n" . \
+ "Expires in: " . $ExpiresAfter);
+ $LogPrintExit warning ("The certificate " . ($CertVal->"name") . " " . $State . \
+ ", it is invalid after " . ($CertVal->"invalid-after") . ".") false;
+ }
}
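Review bot: The new `:if` decides by CA name alone (`ca-cert=($CertVal->"ca")`), so every certificate signed by a CA that backs a SCEP server is skipped, not only the ones handed out through SCEP. If that CA is also used to sign certificates by hand, for example for this router's own services, they would now expire with nothing more than a debug log line. Consider narrowing the skip to certificates whose private key is not held on this device, e.g. by adding `&& ($CertVal->"private-key") != true` to the condition (property name to be confirmed on the targeted RouterOS version). A short comment above the check, such as `# issued certificates are renewed by the SCEP clients, so no warning is sent for them`, would also record why the skip is safe.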