CD2H gitForager

coreos/go-check-certs

Name: go-check-certs

Owner: CoreOS

Description: A utility to check validity and expiration dates of SSL certificates, written in Golang.

Created: 2015-11-30 23:55:02.0

Updated: 2017-03-27 03:23:24.0

Pushed: 2015-12-01 00:21:50.0

Homepage: null

Size: 8

Language: Go

GitHub Committers

User	Most Recent Commit	# Commits

Other Committers

User	Email	Most Recent Commit	# Commits

README

go-check-certs

This is a simple utility written in Go to check SSL certificates for a list of hosts. Each certificate in the host's certificate chain is checked for the following:

Expiration date. By default, you will be warned if a certificate will expire within 30 days. This can be adjusted with -years=X, -months=X, and/or -days=X.
Signature algorithm. Some algorithms have already been sunset, others are in the process of being sunset. This can be spammy, so you can disable the check with -check-sig-alg=false.

Usage looks something like:

-check-certs -hosts="./path/to/file/with/hosts"

The hosts file is simply a single hostname:port per line. Empty lines or lines that start with # are ignored.

Self-signed certificates

go-check-certs is able to validate signature algorithms and expiration dates for self-signed certificates.

Prefix insecure host urls that cannot be verfied against the root CA with “i “.

tps://self-signed.example.com

go-check-certs will skip verifying self-signed.example.com's cert, but will perform the same signing algorithm and expiration checks on all certs in the bundle. Please be warned that this approach is vulnerable to mitm attacks, as the cert is not verfied against the root CA.

Current limitations:

A certificate must be valid for it to be checked.

License:

right (c) 2013, Ryan Rogers
rights reserved.

stribution and use in source and binary forms, with or without
fication, are permitted provided that the following conditions are met: 

edistributions of source code must retain the above copyright notice, this
ist of conditions and the following disclaimer. 
edistributions in binary form must reproduce the above copyright notice,
his list of conditions and the following disclaimer in the documentation
nd/or other materials provided with the distribution. 

 SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
ANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
LAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
LUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
NY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
LUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
WARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

This work is supported by the National Institutes of Health's National Center for Advancing Translational Sciences, Grant Number U24TR002306. This work is solely the responsibility of the creators and does not necessarily represent the official views of the National Institutes of Health.