At one time i had a perl Net::SSL script that would check the expiration on our boxes, and send a reminder. I don't use it anymore, but can try to dig it up if you need it.
We used MPKI from Verisign for a while, which would also send email reminders. And from the MPKI console, I could do a search on which certs would expire this month, etc. I've since switched our certs to IPSCA (http://certs.ipsca.com/). They offer free certs for edu domains. The intermediate cert is a pain, but works fine. We have a wildcard cert for *.selu.edu. Not great for security, but sure does make installing SSL on a new box pretty easy. They're all gonna expire on the same day, so that's a good reminder too. :) ray On Mon, 26 Nov 2007, Dustin Puryear wrote: > So, a little issue I see a lot is that SSL cert files seem to go > everywhere. I may see some under /var/shared/ssl/certs/, some under > application-specific directories (e.g., /etc/httpd/conf/ssl.*/, > /etc/ldap/), etc. > > What are your thoughts on: > > 1. Putting all certs under a standardized location, e.g., > /usr/shared/ssl/certs/, and then just chown'ing and chmod'ing them for a > little more security. > > 2. Keeping them in application-specific areas. > > Also, how are you keeping track of cert expiration? We usually get > emails from the SSL cert vendor about renewals, but.. > > -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Ray DeJean http://www.r-a-y.org Systems Engineer Southeastern Louisiana University IBM Certified Specialist AIX Administration, AIX Support =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
