Hi, today I was thinking about implementing a similar tool, and uploading it to Debian. I’d done a few things differently: * I’d simply process all certificates found in /etc, i.e. every file called .pem or .crt that seems to be a SSL certificate. This way, certs used by mail and jabber servers are also found. * I’d send a report only if any cert is about to expire, but in that case, send one mail containing every cert that is about to expire; likely several certs expire together. And just for good measure, the report would include the times to expiration for all found certs, to give the admin a better overview of what certs are there (and what certs are found). * I’d include a nagios-check-compatible invocation as well. * I’d not run a daily check for things that expire in a month; weekly sounds more useful here. If these would be added to certwatch I’d be interested in maintaining them for Debian. Greetings, Joachim -- Joachim "nomeata" Breitner Debian Developer nomeata@debian.org | ICQ# 74513189 | GPG-Keyid: 4743206C JID: nomeata@joachim-breitner.de | http://people.debian.org/~nomeata
Attachment:
signature.asc
Description: This is a digitally signed message part