0

This is regards checking SSL certificate expiry on a HP-UX box. No date -d available.

I have the following; 

#!/bin/bash 

# Exit script if program fails or an unset variable is used
    set -eu 

server="BLABLA"
port="443"
graceperiod_days="30" 

# Get expiry date of SSL certificate, in format 'Jan 31 11:59:00 2018 GMT'
enddate="$(openssl s_client -connect "$server:$port" 2>/dev/null | openssl x509 -noout -enddate | sed -e 's#notAfter=##')" 

# Get today's date in format DD-MM-YYYY
todaysdate="$(date "+%d-%m-%Y")"
    echo "Today's date is $todaysdate" 

# Convert $enddate to format DD-MM-YYYY
enddate_formatted=$(printf '%s\n' "$enddate" | awk '{printf "%02d-%02d-%04d\n",$2,(index("JanFebMarAprMayJunJulAugSepOctNovDec",$1)+2)/3,$4}')
    echo "Certificate expiry date is $enddate_formatted" 

# Compare expiry date with today's date
if "$todaysdate" -ge "$("$enddate_formatted" - "$graceperiod_days")"
    then echo "$todaysdate is greater than $enddate_formatted. SSL certificate has expired!"
elif "$todaysdate" -lt "$("$enddate_formatted" - "$graceperiod_days")"
    then echo "$todaysdate is before $enddate_formatted. Everything is OK!"
else
    echo "ERROR"; fi

As far as I can tell, this should work, however the output is; 

Today's date is 29-08-2018
Certificate expiry date is 21-07-2018
./test[22]: 21-07-2018:  not found.
./test[22]: 29-08-2018:  not found.
./test[24]: 21-07-2018:  not found.
./test[24]: 29-08-2018:  not found.
ERROR

What's going wrong?

chepner
  • 497,756
  • 71
  • 530
  • 681
  • Use something more Posix-y than Linux, like the BSDs or Solaris. Or check the docs for [POSIX date](http://pubs.opengroup.org/onlinepubs/009604599/utilities/date.html). – jww Aug 29 '18 at 16:17
  • In general, IMHO, Perl is much more consistent across all the *"troublesome"* operating systems (SunOS, Solaris, AIX, HP-UX) and I would generally recommend looking for a Perl-based approach. – Mark Setchell Aug 29 '18 at 17:23

1 Answers1

0

First, you need dates in a form you can perform arithmetic on:

todaysdate_seconds=$(date +%s --date "$todaysdate")  # assuming GNU date
gp_seconds=$((graceperiod_days * 86400))
enddate_seconds=$(date +%s --date "$enddate_formatted")

Second, your if statement is missing a command whose exit status it can check. All you have are the arguments to such a command. Instead, use

if test "$todaysdate_seconds" -ge "$("$enddate_seconds" - "$gp_seconds")"; then

or the simpler bash arithmetic command

if (( todaysdate_seconds >= enddate_seconds - gp_seconds )); then
chepner
  • 497,756
  • 71
  • 530
  • 681
  • Thank you, really appreciated. As it's a HPUX box, GNU --date doesn't work (nor -d), do you know how best to format the 2 dates as seconds since epoch without using GNU date? –  Aug 29 '18 at 16:03
  • I'm unaware of what version of `date` ships with HPUX; consult the documentation. – chepner Aug 29 '18 at 16:32
  • (If you aren't using Linux, don't use the `linux` tag on your question.) – chepner Aug 29 '18 at 16:41