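Today Lao Ma recommends a small tool for nginx that automatically scans the SSL configuration files and prints the validity period of each SSL certificate. The tool is very simple to use:

    ./nginxSSLParse \
        --folder=<your nginx hosts config directory> \
        --suffix=<file suffix, default conf> \
        --day=<expiry detection window, default 10 days>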

    NAME:
       nginxSslParse - 扫描检讨ssl证书过期韶光

    USAGE:
       nginxSslParse [global options] command [command options] [arguments...]

    COMMANDS:
       help, h  Shows a list of commands or help for one command

    GLOBAL OPTIONS:
       --folder value
       --suffix value  (default: "conf")
       --day value     (default: 30)
       --help          show help

How the tool works

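Read the three parameters (site hosts directory, file suffix, and expiry window in days).

Scan all host files in the specified directory:

    allConfFiles, err := filepath.Glob(path.Join(folder, "*."+suffix))
    if err != nil {
        return err
    }
    // Read each file and look for its ssl_certificate directive
    for _, confFile := range allConfFiles {
        // see below
    }

Parse the ssl_certificate directive in the host file and read the configured certificate path:

    // p is the nginx config parser for confFile (its construction is not shown here)
    config := p.Parse()
    directives := config.FindDirectives("ssl_certificate")
    if len(directives) == 0 {
        continue
    }
    sslFiles := directives[0].GetParameters()
    if len(sslFiles) == 0 {
        continue
    }
    // Skip certificate files that are missing or empty
    if tmpFile, err := os.Stat(sslFiles[0]); err != nil || tmpFile.Size() == 0 {
        continue
    }

Parse the certificate to get its validity start and end times, compare the end time against the given number of days, and print the end time in red as a warning when the certificate expires within that window:

    // Needs crypto/x509, encoding/pem, log, os, time and the cli package the tool uses.
    func parserSslFile(cliContext *cli.Context, sslFile string) {
        sslRaw, err := os.ReadFile(sslFile)
        if err != nil {
            log.Printf("readSSLFile %s failed %v\n", sslFile, err)
            return
        }
        // Only the first PEM block in the file is decoded
        certDERBlock, _ := pem.Decode(sslRaw)
        if certDERBlock == nil {
            // err is nil at this point, so report the real cause instead of logging it
            log.Printf("no PEM block found in %s\n", sslFile)
            return
        }
        x509Cert, err := x509.ParseCertificate(certDERBlock.Bytes)
        if err != nil {
            log.Print(err)
            return
        }
        // Expiring if NotAfter falls before now + --day days
        if x509Cert.NotAfter.Before(time.Now().Add(time.Hour * 24 * time.Duration(cliContext.Int("day")))) {
            log.Printf("foundSSLFile %s StartAt=%s,EndAt=\u001B[0;31m%s\033[0m \n",
                sslFile,
                x509Cert.NotBefore.Format("2006-01-02 15:04"),
                x509Cert.NotAfter.Format("2006-01-02 15:04"),
            )
        } else {
            log.Printf("foundSSLFile %s StartAt=%s, EndAt=%s\n",
                sslFile,
                x509Cert.NotBefore.Format("2006-01-02 15:04"),
                x509Cert.NotAfter.Format("2006-01-02 15:04"),
            )
        }
    }
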
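The same expiry check applied to every certificate in a PEM bundle rather than only the first block, as an added example that is not code from the nginxSSLParse project. The names `expiring` and `sampleCert` are hypothetical, and the two certificates are constructed in the block so it runs offline.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// expiring returns the CN of every certificate in pemData whose NotAfter falls
// before now+days. Non-certificate PEM blocks (e.g. a private key) are skipped.
func expiring(pemData []byte, now time.Time, days int) ([]string, error) {
	var hits []string
	found := 0
	for block, rest := pem.Decode(pemData); block != nil; block, rest = pem.Decode(rest) {
		if block.Type != "CERTIFICATE" {
			continue
		}
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return nil, err
		}
		found++
		if cert.NotAfter.Before(now.Add(time.Duration(days) * 24 * time.Hour)) {
			hits = append(hits, cert.Subject.CommonName)
		}
	}
	if found == 0 {
		return nil, fmt.Errorf("no CERTIFICATE block found")
	}
	return hits, nil
}

// sampleCert builds a constructed self-signed certificate for the demo (not real data).
func sampleCert(cn string, notAfter time.Time) []byte {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: notAfter.AddDate(-1, 0, 0), NotAfter: notAfter}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, pub, priv)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	now := time.Now()
	fmt.Println(expiring(append(sampleCert("leaf.example", now.AddDate(0, 0, 5)), sampleCert("ca.example", now.AddDate(2, 0, 0))...), now, 10))
}
```
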
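The tool is mostly used for domains that rely on free one-year certificates, to see which domain certificates are about to expire.
The tool is open source on GitHub: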
https://github.com/ixqbar/nginxSSLParse