aboutsummaryrefslogtreecommitdiffstats
path: root/check-certificates
diff options
context:
space:
mode:
authorGravatar Christian Hesse <mail@eworm.de>2018-07-05 15:29:26 +0200
committerGravatar Christian Hesse <mail@eworm.de>2018-07-05 15:34:08 +0200
commite1f134ead584c7b2e9ed406f5520d7f1a23294aa (patch)
tree929660280fb0acc183401d7e59a40f1cd7e8992c /check-certificates
parent1d99dc38ff1f583d6e46adc5d1ba3455114d53c1 (diff)
add scripts
Diffstat (limited to 'check-certificates')
-rw-r--r--check-certificates52
1 files changed, 52 insertions, 0 deletions
diff --git a/check-certificates b/check-certificates
new file mode 100644
index 0000000..925187d
--- /dev/null
+++ b/check-certificates
@@ -0,0 +1,52 @@
+# RouterOS script: check-certificates
+# Copyright (c) 2013-2018 Christian Hesse <mail@eworm.de>
+#
+# check for certificate validity
+
+:global "identity";
+:global "email-general-to";
+:global "email-general-cc";
+
+:local months ("jan","feb","mar","apr","may","jun","jul","aug","sep","oct","nov","dec");
+
+:local currentdate [ / system clock get date ];
+
+:local currentmonthstr [ :pick $currentdate 0 3 ];
+:local currentday [ :pick $currentdate 4 6 ];
+:local currentyear [ :pick $currentdate 7 11 ];
+:local currentmonth ([ :find $months $currentmonthstr -1 ] + 1);
+:local currentstamp ($currentyear * 365 + $currentmonth * 30 + $currentday);
+
+:foreach cert in=[ / certificate find where !revoked ] do={
+ :local certname [ / certificate get $cert name ];
+ :local invaliddate [ / certificate get $cert invalid-after ];
+
+ :if ([ :len $invaliddate ] > 0) do={
+ :local invalidmonthstr [ :pick $invaliddate 0 3 ];
+ :local invalidday [ :pick $invaliddate 4 6 ];
+ :local invalidyear [ :pick $invaliddate 7 11 ];
+ :local invalidmonth ([ :find $months $invalidmonthstr -1 ] + 1);
+ :local invalidstamp ($invalidyear * 365 + invalidmonth * 30 + invalidday);
+
+ :local remaining ($invalidstamp - $currentstamp);
+
+ :if ($remaining < 15) do={
+ :local commonname [ / certificate get $cert common-name ];
+ :local fingerprint [ / certificate get $cert fingerprint ];
+ :local invalidbefore [ / certificate get $cert invalid-before ];
+ :local invalidafter [ / certificate get $cert invalid-after ];
+ / tool e-mail send to=$"email-general-to" cc=$"email-general-cc" \
+ subject=("[" . $identity . "] Certificate warning!") \
+ body=("A certificate on " . $identity . " is about to expire.\n\n" . \
+ "Certificate Name: " . $certname . "\n" . \
+ "Common Name: " . $commonname . "\n" . \
+ "Fingerprint: " . $fingerprint . "\n" . \
+ "Validity: " . $invalidbefore . " to " . $invalidafter);
+ :log warning ("A certificate is about to expire within " . $remaining . " days: " . $certname);
+ } else={
+ :log debug ("The certificate " . $certname . " expires in " . $remaining . " days.");
+ }
+ } else={
+ :log debug ("The certificate " . $certname . " is just a template.");
+ }
+}