author | Christian Hesse <mail@eworm.de> | 2020-04-24 14:26:00 +0200 |
---|---|---|
committer | Christian Hesse <mail@eworm.de> | 2020-04-24 14:38:29 +0200 |
commit | 85f9c5d62e3871f62775e7e8732bbe4bec940590 (patch) | |
tree | 672df69ad5d234d88e86f6895643007495e6688b /check-certificates | |
parent | 1e12c0e159e0968fa8be73cf240d77263f1aec2b (diff) |
check-certificates: exclude issued certificates on SCEP server
Diffstat (limited to 'check-certificates')
-rw-r--r-- | check-certificates | 36 |
1 files changed, 20 insertions, 16 deletions
diff --git a/check-certificates b/check-certificates
index cd3b580..0964bde 100644
--- a/check-certificates
+++ b/check-certificates
@@ -100,21 +100,25 @@
 :foreach Cert in=[ / certificate find where !revoked !scep-url expires-after<2w fingerprint~"." ] do={
 :local CertVal [ / certificate get $Cert ];
- :local ExpiresAfter [ $FormatExpire ($CertVal->"expires-after") ];
- :local State "is about to expire";
- :if (($CertVal->"expired") = true) do={
- :set ExpiresAfter "expired";
- :set State "expired";
- }
+ :if ([ / certificate scep-server print count-only where ca-cert=($CertVal->"ca") ] > 0) do={
+ $LogPrintExit debug ("Certificate \"" . ($CertVal->"name") . "\" is handled by SCEP, skipping.") false;
+ } else={
+ :local ExpiresAfter [ $FormatExpire ($CertVal->"expires-after") ];
+ :local State "is about to expire";
+ :if (($CertVal->"expired") = true) do={
+ :set ExpiresAfter "expired";
+ :set State "expired";
+ }
- $SendNotification ("Certificate warning!") \
- ("A certificate on " . $Identity . " " . $State . ".\n\n" . \
- "Name: " . ($CertVal->"name") . "\n" . \
- "CommonName: " . ($CertVal->"common-name") . "\n" . \
- "Fingerprint: " . ($CertVal->"fingerprint") . "\n" . \
- "Issuer: " . ($CertVal->"ca") . ([ $ParseKeyValueStore ($CertVal->"issuer") ]->"CN") . "\n" . \
- "Validity: " . ($CertVal->"invalid-before") . " to " . ($CertVal->"invalid-after") . "\n" . \
- "Expires in: " . $ExpiresAfter);
- $LogPrintExit warning ("The certificate " . ($CertVal->"name") . " " . $State . \
- ", it is invalid after " . ($CertVal->"invalid-after") . ".") false;
+ $SendNotification ("Certificate warning!") \
+ ("A certificate on " . $Identity . " " . $State . ".\n\n" . \
+ "Name: " . ($CertVal->"name") . "\n" . \
+ "CommonName: " . ($CertVal->"common-name") . "\n" . \
+ "Fingerprint: " . ($CertVal->"fingerprint") . "\n" . \
+ "Issuer: " . ($CertVal->"ca") . ([ $ParseKeyValueStore ($CertVal->"issuer") ]->"CN") . "\n" . \
+ "Validity: " . ($CertVal->"invalid-before") . " to " . ($CertVal->"invalid-after") . "\n" . \
+ "Expires in: " . $ExpiresAfter);
+ $LogPrintExit warning ("The certificate " . ($CertVal->"name") . " " . $State . \
+ ", it is invalid after " . ($CertVal->"invalid-after") . ".") false;
+ }
 } |
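Review bot: The new `:if` skips every certificate whose `ca` matches the `ca-cert` of a local SCEP server, so the test is on the issuing CA only and not on how the certificate was issued. If that CA is also used to sign certificates by hand for this router's own services, those would now expire without any notification, and the only trace is a `debug` log line. Consider narrowing the condition to entries the router does not use itself, or at least state the assumption in a comment above the check, e.g. `# certificates issued by a local SCEP server are renewed by their clients; assumes this CA signs nothing else`. It may also be worth confirming how the `where ca-cert=` comparison behaves for certificates whose `ca` property is empty.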