From c335b30623864dd9cb4b4bc636b00b15fe7e52c9 Mon Sep 17 00:00:00 2001
From: Jeremy Lecour <jlecour@evolix.fr>
Date: Fri, 4 Sep 2020 14:50:13 +0200
Subject: [PATCH] `cert-expirations.sh` script to print out certificates
 expiration dates

---
 cert-expirations.sh | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 cert-expirations.sh

diff --git a/cert-expirations.sh b/cert-expirations.sh
new file mode 100644
index 0000000..a3081a8
--- /dev/null
+++ b/cert-expirations.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+echo "CA certificate:"
+openssl x509 -enddate -noout -in /etc/shellpki/cacert.pem \
+    | cut -d '=' -f 2 \
+    | sed -e "s/^\(.*\)\ \(20..\).*/- \2 \1/"
+
+echo ""
+
+echo "Client certificates:"
+grep "Not After" -r /etc/shellpki/certs/ \
+    | sed -e "s/^.*certs\/\([-.a-z0-9]*\).*After\ :\ \(.*\).*GMT$/\2\1X/" \
+    | sed -e "s/^\(.*\)\ \(20..\)\ \(.*\)$/- \2 \1 \3/" \
+    | tr "X" "\n" \
+    | sed '/^$/d' \
+    | sort -n -k 2 -k 3M -k 4