3 个版本
| 0.1.2 | 2024 年 5 月 5 日 |
|---|---|
| 0.1.1 | 2023 年 8 月 22 日 |
| 0.1.0 | 2023 年 8 月 21 日 |
#1102 在 命令行工具
152 每月下载量
20KB
365 行
Certo,证书到期看门狗
Certo 会检查主机的证书(目前仅通过 HTTP1.1),并报告其发现(可选地序列化为 JSON)。
这使得它可以定期通过 cron 或 CI 工具检查您的证书,JSON 输出可以轻松集成到管道中。
用法
Usage: certo [OPTIONS] <HOSTS>...
Arguments:
<HOSTS>... [List of] Hosts to check the certificates of
Options:
-d <DAYS_TO_EXPIRATION> Warn about near expiration if within this number of days of the cert's notAfter [default: 5]
-c <CUSTOM_CA_CERTS> Custom root PEM certificates to use for verification. Can be either a certificate, or a collection of concatenated PEM certs (certificate bundle)
-F, --force-system-root-store Force use of the system-installed root certificate store if default behaviour is overriden by use of custom root certificates
-j, --json Output results in json format for further processing
-h, --help Print help information
-V, --version Print version information
示例
测试一个正常工作的网站
$ RUST_LOG=info certo google.com
[2023-08-22T19:13:12Z INFO certo] [ PASS ] google.com: 61 days remaining
$ echo $?
0
Certo 如果最大到期天数过大则会出错
$ certo -d 62 google.com
Finished dev [unoptimized + debuginfo] target(s) in 0.06s
Running `target/debug/certo -d 62 google.com`
[2023-08-22T19:29:40Z ERROR certo] [ FAIL ] google.com: Certificate about to expire in 61 days < 62
Error: CertoTestFailure(1)
测试一个过期的证书
$ certo expired.badssl.com
[2023-08-22T19:25:07Z ERROR certo] [ FAIL ] expired.badssl.com: Invalid Certificate: invalid peer certificate: Expired.
Error: CertoTestFailure(1)
测试多个网站,输出为 JSON
注意:在这种情况下,所有检查都必须通过才能总体成功
$ certo -j -d 62 microsoft.com google.com
Finished dev [unoptimized + debuginfo] target(s) in 0.06s
Running `target/debug/certo -j -d 62 microsoft.com google.com`
[
{
"hostname": "microsoft.com",
"success": true,
"message": "310 days remaining",
"remainingDays": 310
},
{
"hostname": "google.com",
"success": false,
"message": "Certificate about to expire in 61 days < 62",
"remainingDays": null
}
]
Error: CertoTestFailure(1)
注意:设置自定义 CA 证书将覆盖系统根存储
$ certo -j -d 62 -c tests/certs/isrgrootx1.pem google.com
[2023-08-22T19:47:23Z INFO certo::ssl_config] Added 1 and ignored 0 certificates from tests/certs/isrgrootx1.pem
[
{
"hostname": "google.com",
"success": false,
"message": "Invalid Certificate: invalid peer certificate: UnknownIssuer.",
"remainingDays": null
}
]
Error: CertoTestFailure(1)
您可以使用 --force-system-root-store 覆盖此设置
$ certo -j -d 62 -c tests/certs/isrgrootx1.pem --force-system-root-store google.com`
[2023-08-22T19:49:10Z INFO certo::ssl_config] Added 1 and ignored 0 certificates from tests/certs/isrgrootx1.pem
[
{
"hostname": "google.com",
"success": false,
"message": "Certificate about to expire in 61 days < 62",
"remainingDays": null
}
]
Error: CertoTestFailure(1)
依赖项
~16–27MB
~475K SLoC