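#!/bin/bash
#####################################################################################
# Shell script : Delete old certificates
# Author       : Jobst Heinermann, macenterprise gmbh, 09.11.2020
#
# Finds the keychain certificates whose name contains this Mac's serial number,
# reads the expiry date and SHA-1 fingerprint of each one and reports it as
# "valid" or "expired". The delete-certificate call is commented out, so as
# written the script only reports and removes nothing.
#####################################################################################

# Abort on use of an unset variable instead of silently expanding it to "".
set -u

# Serial number of this Mac; it is the certificate name searched for below.
CERTIFICATE=$(system_profiler SPHardwareDataType | awk '/Serial/ {print $4}')

# With an empty serial the grep below matches every label, and the -c name
# filter presumably no longer narrows the search, so every certificate would be
# evaluated (and deleted, once the delete is enabled). Stop before that.
if [[ -z "$CERTIFICATE" ]]; then
  echo "could not determine the serial number; no certificates checked" >&2
  exit 1
fi

# Number of certificate labels that contain the serial number.
# -F: match the serial as a literal string, not as a regular expression.
CERTIFICATE_wc=$(/usr/bin/security find-certificate -a \
  | awk -F'"' '/labl/{print $4}' \
  | grep -c -F -- "$CERTIFICATE")

# Cut-off: now + 432000 s (5 days). A certificate ending before this counts
# as expiring.
defercal=$(($(/bin/date +%s) + 432000))

# The certificate list and each single certificate are streamed through pipes
# rather than written to fixed names under /tmp. /tmp is writable by every local
# user, so a pre-created file or symlink with a known name could redirect the
# write or swap the PEM that is evaluated, which matters most when the script
# runs with elevated privileges and the delete is enabled.
cert=""
while IFS= read -r line; do
  if [[ "$line" == *"--BEGIN"* ]]; then
    # Start of a PEM block: drop whatever was collected before it (the hash
    # lines that -Z prints ahead of each certificate).
    cert=$line
    continue
  fi

  cert="$cert"$'\n'"$line"
  [[ "$line" == *"--END"* ]] || continue

  # A complete BEGIN..END block is in $cert; hand it to openssl on stdin.
  rawExp=$(printf '%s\n' "$cert" | openssl x509 -noout -enddate | cut -d= -f 2)
  SHA_1=$(printf '%s\n' "$cert" | openssl x509 -noout -fingerprint -sha1 \
    | cut -d= -f 2 | sed 's/://g')

  # Convert the openssl end date to epoch seconds (BSD date syntax).
  certexpdateformatted=$(/bin/date -j -f "%b %d %T %Y %Z" "$rawExp" "+%s")

  # If openssl or date failed, the value is empty. The numeric test below would
  # then error out and fall into the "expired" branch, i.e. a parse failure
  # would select the certificate for deletion. Skip such a certificate instead.
  if ! [[ "$certexpdateformatted" =~ ^-?[0-9]+$ ]]; then
    echo "could not read the expiry date of a certificate; skipped" >&2
    continue
  fi

  # NOTE(review): a certificate is reported "valid" only if it has more than
  # five days left AND at least two matching certificates exist. A single,
  # still-valid certificate therefore lands in the "expired" branch. Confirm
  # this is intended before enabling the delete.
  if [[ "$certexpdateformatted" -ge "$defercal" && "$CERTIFICATE_wc" -ge 2 ]]; then
    echo "valid"
  else
    echo "expired"
    #security delete-certificate -Z "$SHA_1"
    # NOTE(review): the message below ("certificate was deleted") is printed
    # even while the delete above is commented out.
    echo "Zertifikat wurde gelöscht"
  fi

  echo "$CERTIFICATE has an expiration date of $rawExp."
done < <(security find-certificate -a -c "$CERTIFICATE" -Z -p)

#jamf recon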