OpenVPN Certificate Status

This script checks the remaining lifetime of the OpenVPN certificates (roadwarrior connections only).

This script may be used, expanded and supplemented. Thanks again to ummeegge for his work!

OVP-Check Cert Script

In this example the script is saved in the /mnt/mo_scripts/ directory. The script needs to be made executable.

This script must be stored on the server side.

filename = ovpcertstat.sh

#!/bin/bash -

# cert_check.sh
#
# ummeegge 01.09.2014
##################################################################
# This script checks OpenVPN's index.txt for how much time is left
# until a client certificate expires.
# The host and N2N certificates are excluded.
# The time should be configured to individual needs;
# it is currently set to 5 days.
# A forum topic for corrections or enhancements can be found at
# https://forum.ipfire.org/viewtopic.php?f=17&t=11513
#

set -x

## How many days should be left before an alert is fired
# ----- PLEASE EDIT YOUR DESIRED NUMBER OF DAYS HERE -----
ALERT="5";

## Paths
FILE="/var/ipfire/ovpn/certs/index.txt";
MAIL="/tmp/list";

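## Searcher
# Expiry dates (YYMMDD) of valid certificates. Entries starting with 4
# (the host certificate) are skipped, as in the list written below.
certs_date=$(awk '/^V/ {print $2}' "${FILE}" | cut -c1-6 | grep -v '^4');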

## Time values
NOW=$(date +%s);
# 24 hours in seconds
DAY="86400";

## Mail preparation
# Copy a reduced index.txt list to /tmp,
# without revoked certificates and without the host certificate.
echo -e "\033[1;36m List of OpenVPN certificate expiration dates from $(date) \033[0m" > ${MAIL};
echo >> ${MAIL};
echo "The days are calculated from the following copy of index.txt, in listing order." >> ${MAIL};
echo >> ${MAIL};
awk '/^V/ {print $2"\t", $3"\t", $5"\t"}' ${FILE} | sed '/^4.*Z/d' >> ${MAIL};

# Clarification of the content
echo >> ${MAIL};
echo -e "\033[1;36m Time until expiration in days: \033[0m" >> ${MAIL};
echo  >> ${MAIL}

## Calculation
for i in ${certs_date}
do
  # Convert index.txt time to UNIX time
  UNTIL=$(date -d "${i}" +%s)
  # Calculate differences
  DIFF=$(expr ${UNTIL} - ${NOW})
  # Convert UNIX time to days
  REST=$(expr ${DIFF} / ${DAY})
  # Text with integrated result
  echo "---------------------------------------------------------------------"
  echo "| There are still ${REST} days left until the certificate has expired"
done >> ${MAIL}

# Clarification of the content
echo >> ${MAIL};
echo -e "\033[1;36m Already revoked hosts and N2N certificate are not listed in here.\033[0m" >> ${MAIL};
echo >> ${MAIL};

# Checks calculated time in list
MAILALERT=$(awk '/^\| / {print $5}' ${MAIL});

# Check if Mail should be fired
for m in ${MAILALERT}
do
if (( "${ALERT}" >= "${m}" )); then
#    /usr/bin/gpg --encrypt -a --recipient ED9991FC ${MAIL};
#    /usr/local/bin/sendEmail -f username@web.de -t username@web.de \
#    -o tls=yes -s smtp.web.de:587 \
#    -xu username -xp "Mein_kryptisches_passwort" \
#    -vvv \
#    -m "This list contains certificates which will expire in ${ALERT} days." \
#    -u "Test" \
#    -a "${MAIL}.asc";
  echo "I'll send you an e-mail";
else
  echo "I'll send you nothing ...";
fi
done

# Clean up /tmp
#rm -rf /tmp/list*;

# End of cert check

After copying or creating the script, it still has to be made executable:

chmod +x ovpcertstat.sh
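
The script above prints the remaining days in listing order without saying which certificate each value belongs to. The following is an added example, not part of the original script or of IPFire: it reads index.txt by its tab-separated columns and prints the days left together with the CN of each valid certificate. Assumptions: the function names and the sample entries are constructed for illustration, days are counted between calendar dates in UTC, and every entry marked V is listed, so the host certificate is not filtered out.

```bash
#!/bin/bash
# Added example, not part of the original script.
# Constructed sample in index.txt layout (tab-separated); not real certificates.
sample_index() {
  printf 'V\t%s\t\t%s\tunknown\t%s\n' \
    '250110120000Z' '02' '/C=DE/O=Example/CN=alice' \
    '260301120000Z' '03' '/C=DE/O=Example/CN=bob'
  printf 'R\t250105120000Z\t240101120000Z\t04\tunknown\t/C=DE/O=Example/CN=carol\n'
}

# cert_days_left INDEX_FILE [TODAY]
# Prints "<days left><TAB><CN>" for every entry marked V (valid).
# TODAY is YYYY-MM-DD (default: current UTC date); INDEX_FILE "-" reads stdin.
cert_days_left() {
  awk -F'\t' -v today="${2:-$(date -u +%Y-%m-%d)}" '
    # Days since 1970-01-01 for a Gregorian date, integer arithmetic only
    function days(y, m, d) {
      y += 0; m += 0; d += 0              # force numeric comparison below
      if (m <= 2) { y--; m += 12 }
      return 365*y + int(y/4) - int(y/100) + int(y/400) \
             + int((153*(m-3) + 2)/5) + d - 719469
    }
    BEGIN { split(today, t, "-"); now = days(t[1], t[2], t[3]) }
    $1 == "V" {
      e = $2
      # 13 characters: YYMMDDHHMMSSZ (2-digit year); 15: YYYYMMDDHHMMSSZ
      if (length(e) == 13) e = (substr(e, 1, 2) + 0 >= 50 ? "19" : "20") e
      if (length(e) != 15) next           # skip malformed expiry fields
      cn = $6; sub(/^.*\/CN=/, "", cn); sub(/\/.*$/, "", cn)
      left = days(substr(e, 1, 4), substr(e, 5, 2), substr(e, 7, 2)) - now
      printf "%d\t%s\n", left, cn
    }' "$1"
}

# certs_to_alert INDEX_FILE ALERT_DAYS [TODAY]
# Keeps only certificates with ALERT_DAYS or fewer days left (expired included).
certs_to_alert() {
  cert_days_left "$1" "$3" | awk -F'\t' -v alert="$2" '$1 + 0 <= alert + 0'
}

# Demo on the constructed sample with a fixed date
sample_index | certs_to_alert - 5 2025-01-07    # prints: 3<TAB>alice
```

On the server the call would be certs_to_alert /var/ipfire/ovpn/certs/index.txt 5, using the index.txt path from the script above.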

Timing

For a regular check, the script above can be called by a cron job, like the one for the my-sendemail.sh script.

fcrontab -e

Specify the desired frequency, here every 8 hours, for the cronjob.

# ovp cert status
0 */8 * * *     /mnt/harddisk/scripts/ovpcertstat.sh

Hint

The send-mail function is switched off (commented out) in this script. Edit these lines to send the status announcement to your e-mail address, with or without a GPG key. For what this looks like, see my-sendemail.sh.

Older Revisions • August 26 at 10:08 pm • Jon