x509watch is a simple command line application that can be used to list soon expiring or already expired X.509 certificates, such as SSL certificates. All certificates are searched by default in the standard PKI directory, but any other directory can be specified as a parameter. Only Base64 encoded DER and PEM X.509 certificates are supported.
|Tags||Systems Administration Security|
|Operating Systems||POSIX Linux OS Independent|
Release Notes: Works (again) around Y2K38 problems on systems with 32-bit Perl. Adds support for systemd timers alternatively to classical cron jobs. Excludes new Root Certificate Authority bundles "email-ca-bundle.pem", "objsign-ca-bundle.pem", and "tls-ca-bundle.pem" used by/for p11-kit, which are e.g. introduced with Fedora 19 and Red Hat Enterprise Linux 6.5.
Release Notes: This release works around the Y2K38 problem on systems with older 32-bit Perl. It excludes the new Root CA bundle "ca-bundle.trust.crt" in Fedora. It updates the copy of the GNU GPLv2 to reflect the new FSF address.
Release Notes: Mail from the cron job with x509watch output is now in the style of logwatch.
Release Notes: Avoid any dying when files are possibly encountered a second time. Inaccessible files or dangling symlinks will now cause only warnings. An option to include specified files (not only directories) has been added. An option to ignore (including globbing) specified files has been added. /etc/ssl has been added to default PKI paths (openSUSE, Debian, and Ubuntu). More distribution Root Certifiate Authority bundles are excluded. An option to suppress all access/dangling symlink warnings has been added.
Release Notes: This release replaces the find(1) call (from fileutils) with Perl's File::Find. It executes /usr/bin/openssl rather than openssl in $PATH by default; an alternative path to the OpenSSL binary can be set via a parameter. It uses IPC::Open3 rather than open() to pipe certificates to OpenSSL. It replaces the remaining open() with sysopen() for better file handling.