Versions Compared

Old Version 9

changes.mady.by.user Marc Amouyal

Saved on

compared with

New Version 10

changes.mady.by.user Marc Amouyal

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
sl.ignoreCertificateErrors=true

...

Helpers

Check certificate expiration date

Here are Bash and PowerShell scripts that check the expiration dates of certificates in a Java keystore and notify you about certificates that are either expired or will expire in less than 30 days:

Bash

PowerShell

Code Block
languagebash
#!/bin/bash

# Path to your Java keystore
KEYSTORE_PATH="/path/to/your/keystore.jks"
# Keystore password
KEYSTORE_PASSWORD="your_keystore_password"

# Number of days for expiration threshold
EXPIRATION_THRESHOLD=30

# Get current date in epoch format
CURRENT_DATE=$(date +%s)

# Loop through each entry in the keystore
while IFS=' ' read -r alias; do
    # Get certificate expiration date
    expiration_date=$(keytool -list -v -keystore "$KEYSTORE_PATH" -storepass "$KEYSTORE_PASSWORD" -alias "$alias" | grep Valid | awk -F ',' '{print $2}' | sed 's/^[ \t]*//')

    # Convert expiration date to epoch format
    expiration_epoch=$(date -d "$expiration_date" +%s)

    # Calculate days until expiration
    days_until_expiration=$(( (expiration_epoch - CURRENT_DATE) / 86400 ))

    if (( days_until_expiration <= 0 )); then
        echo "Certificate '$alias' has already expired!"
    elif (( days_until_expiration <= EXPIRATION_THRESHOLD )); then
        echo "Certificate '$alias' will expire in $days_until_expiration days."
    fi
done < <(keytool -list -keystore "$KEYSTORE_PATH" -storepass "$KEYSTORE_PASSWORD" | grep "Alias name:" | awk -F ': ' '{print $2}')

exit 0
Code Block
languagepowershell
# Path to your Java keystore
$KeyStorePath = "C:\path\to\your\keystore.jks"

# Keystore password
$KeyStorePassword = "your_keystore_password"

# Number of days for expiration threshold
$ExpirationThreshold = 30

# Get the current date
$CurrentDate = Get-Date

# Load the keystore
$Keystore = [Security.Cryptography.X509Certificates.X509Certificate2Collection]::new()
$Keystore.Import($KeyStorePath, $KeyStorePassword, [Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet)

# Loop through each certificate in the keystore
foreach ($cert in $Keystore) {
    $expirationDate = $cert.NotAfter

    # Calculate days until expiration
    $daysUntilExpiration = ($expirationDate - $CurrentDate).Days

    if ($expirationDate -lt $CurrentDate) {
        Write-Host "Certificate '$($cert.Subject)' has already expired!"
    }
    elseif ($daysUntilExpiration -le $ExpirationThreshold) {
        Write-Host "Certificate '$($cert.Subject)' will expire in $daysUntilExpiration days."
    }
}

$Keystore.Dispose()

Replace /path/to/your/keystore.jks with the actual path to your Java keystore file and your_keystore_password with your keystore password. Set appropriate permissions on the script file and execute it in a proper environment.
Please note that this script assumes that the keytool command is available in your environment (usually comes with Java installations). Also, ensure that you have the necessary permissions to access the keystore file.

Download an SSL certificate and save locally

Bash

PowerShell

Code Block
languagebash
#!/bin/bash

# Function to download SSL certificate
download_ssl_certificate() {
  local url=$1
  local port=${2:-443}
  local output_file=${3:-certificate.pem}

  # Extract the hostname from the URL
  local hostname=$(echo $url | awk -F[/:] '{print $4}')

  # Use openssl to get the certificate and save it to a file
  echo | openssl s_client -connect ${hostname}:${port} -servername ${hostname} 2>/dev/null | openssl x509 > ${output_file}

  echo "Certificate downloaded and saved as ${output_file}"
}

# Example usage
download_ssl_certificate "https://mycompany.sealights.co"
Code Block
languagepowershell
# Function to download SSL certificate
function Download-SSLCertificate {
    param (
        [string]$url,
        [int]$port = 443,
        [string]$outputFile = "certificate.cer"
    )

    $hostname = ([System.Uri]$url).Host

    $tcpClient = New-Object Net.Sockets.TcpClient
    $tcpClient.Connect($hostname, $port)
    $sslStream = New-Object Net.Security.SslStream($tcpClient.GetStream(), $false, ({$true}))
    $sslStream.AuthenticateAsClient($hostname)

    $cert = $sslStream.RemoteCertificate
    $bytes = $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
    [System.IO.File]::WriteAllBytes($outputFile, $bytes)

    $sslStream.Close()
    $tcpClient.Close()

    Write-Output "Certificate downloaded and saved as $outputFile"
}

# Example usage
Download-SSLCertificate -url "https://mycompany.sealights.co"

Filter by label (Content by label)
showLabelsfalse
max5
spacescom.atlassian.confluence.content.render.xhtml.model.resource.identifiers.SpaceResourceIdentifier@1422e
showSpacefalse
sortmodified
typepage
reversetrue
labelscertificate ssl tls pkix
cqllabel in ( "pkix" , "certificate" , "tls" , "ssl" ) and type = "page" and space = "SUP"

...