Scan and validate SSL certificates
npm install -g cmr1-ssl-validator
ssl-validator --help
# Scan & validate current directory
ssl-validator
# Scan & validate default Let's Encrypt directory
ssl-validator /etc/letsencrypt/live --recursive
# Scan & validate default dehydrated directory
ssl-validator /etc/dehydrated/certs --recursive
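# Full example with every option set.
# Comments cannot sit between backslash-continued lines: the first "#" would
# end the command and the remaining options would run as separate commands.
# Each option is therefore described here, ahead of the command:
#   --recursive              group certs by directory
#   --directory              scan & validate the default dehydrated directory
#   --certfile / --keyfile   cert & key file regular expressions
#   --time                   expiration period in days
#   --slack                  Slack webhook URL for notifications
#   --hook                   executable to trigger with invalid certificate info
#   --acm                    validate certificates stored on AWS Certificate Manager (ACM)
# Note: a real webhook URL passed on the command line ends up in shell history
# and is visible in the process list while the command runs.
# The patterns are single-quoted so the shell passes them through unchanged.
ssl-validator \
  --recursive \
  --directory /etc/dehydrated/certs \
  --certfile '^(fullchain|cert).pem$' \
  --keyfile '^privkey.pem$' \
  --time 30 \
  --slack https://hooks.slack.com/services/foo/bar/foobar \
  --hook /usr/bin/foo-bar \
  --acm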
npm install --save cmr1-ssl-validator
// Load the cmr1-ssl-validator module
const SslValidator = require('cmr1-ssl-validator');

// No options object is passed, so the validator uses its defaults
const validator = new SslValidator();

// Start the run; the callback receives an error when something went wrong
validator.run((err) => {
  if (!err) {
    // Completed without error
    validator.log('Finished.');
    return;
  }

  // Report the failure through the validator's own error output
  validator.error(err);
});
// Load the cmr1-ssl-validator module
const SslValidator = require('cmr1-ssl-validator');

// Explicit settings for this run (all values below are placeholders)
const options = {
  // Group certs by directory
  recursive: true,

  // Scan & validate the default dehydrated directory
  directory: '/etc/dehydrated/certs',

  // Cert & key file regular expressions.
  // NOTE(review): the unescaped "." matches any character, not only a literal dot.
  certfile: '^(fullchain|cert).pem$',
  keyfile: '^privkey.pem$',

  // Expiration period in days
  time: 30,

  // Slack webhook URL for notifications.
  // A real webhook URL lets its holder post to the channel, so keep it out of
  // source control (for example, supply it from the environment or a secrets store).
  slack: 'https://hooks.slack.com/services/foo/bar/foobar',

  // Executable to trigger with invalid certificate info.
  // Point this at an absolute path that other users cannot modify.
  hook: '/usr/bin/foo-bar',

  // Also validate certificates stored on AWS Certificate Manager (ACM)
  acm: true
};

// Create the validator with the settings above
const validator = new SslValidator(options);

// Start the run; the callback receives an error when something went wrong
validator.run((err) => {
  if (!err) {
    // Completed without error
    validator.log('Finished.');
    return;
  }

  // Report the failure through the validator's own error output
  validator.error(err);
});
An executable can be called after completion with information about failure(s).
/path/to/hook EXIT_CODE [DOMAIN_LIST]
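- `EXIT_CODE` is the exit status of the validator (`0` or `1`)
- `DOMAIN_LIST` is a list of invalid domains, grouped by certificate
  - Domains are joined by `,`
  - Groups are joined by `;`
  - Example: `abc.co,www.abc.co;xyz.co,www.xyz.co`
    - Two certs: `abc.co` & `xyz.co`, both with alternate domain name: `www.`
  - The names in `DOMAIN_LIST` are read from the scanned certificates, so a hook script should quote the argument and split it on `;` and `,` rather than evaluating it.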
/path/to/hook 0
/path/to/hook 1 abc.co,www.abc.co;xyz.co,www.xyz.co