#!/bin/ksh
#
# This script walks all over NNN.NNN.NNN.NNN
# and reports certs and their expiration dates.
#
# Phil Ehrens <pehrens@ligo.caltech.edu>
#
echo "<html>"
echo " <head></head>"
echo " <body>"
echo " <table>"
for j in 113 114 115 125;
do
for ((i=1 ; i<=256 ; i++))
do
addr=NNN.NNN.$j.$i
name=`dig -x $addr +short`
[ -z "$name" ] && name=$addr
#echo "$addr : '$name'"
openssl s_client -connect "$addr":443 >"$addr".tmp 2>/dev/null &
sleep 2
kill -s SIGTERM $! >/dev/null 2>&1
subject=`openssl x509 -in "$addr".tmp -noout -subject 2>/dev/null`
enddate=`openssl x509 -in "$addr".tmp -noout -enddate 2>/dev/null`
enddate=${enddate//notAfter=/}
now=`/bin/date -u +%s`
expiry=`/bin/date +%s -d "$enddate"`
days=$((($expiry - $now) / 86400))
rm -f "$addr".tmp
[ ! -z "$subject" ] && \
echo " <tr><td>$addr</td><td>$name</td><td>$subject</td><td>$enddate ($days days)</td></tr>"
done
done
echo " </table>"
echo " </body>"
echo "</html>"