From 555d0e8bfc8d3773fa05302303b43ed43e5f27a1 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Mon, 23 Jan 2023 17:27:34 +0100 Subject: check-certificates: make the warning time configurable --- check-certificates | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'check-certificates') diff --git a/check-certificates b/check-certificates index 9802cde..2bf2443 100644 --- a/check-certificates +++ b/check-certificates @@ -13,6 +13,7 @@ :global CertRenewPass; :global CertRenewTime; :global CertRenewUrl; +:global CertWarnTime; :global Identity; :global CertificateAvailable @@ -103,7 +104,8 @@ $WaitFullyConnected; } } -:foreach Cert in=[ /certificate/find where !revoked !scep-url !(expires-after=[]) expires-after<2w !(fingerprint=[]) ] do={ +:foreach Cert in=[ /certificate/find where !revoked !scep-url !(expires-after=[]) \ + expires-after<$CertWarnTime !(fingerprint=[]) ] do={ :local CertVal [ /certificate/get $Cert ]; :if ([ :len [ /certificate/scep-server/find where ca-cert=($CertVal->"ca") ] ] > 0) do={ -- cgit v1.2.3-70-g09d2