On 27 Feb 2013, at 18:01, Michiel Beijen wrote:
> Hi,
> Op 27 feb. 2013 17:38 schreef "Sebastien Koechlin" <seb.p...@koocotte.org>
> het volgende:
>
> > For https; I would like to also check the certificat expiration date and
> > report a WARNING if the expiration date is in few weeks.
> >
> > Is there any way to access the certificat sent by the remote server using
> LWP?
>
> I think you can not do that via LWP, but you could use
> http://search.cpan.org/~hirose/Net-SSL-ExpireDate-1.10/lib/Net/SSL/ExpireDate.pm
I find that using (and parsing) the output of openssl s_client
openssl s_client -connect www.news.com:443 -CAfile root.pem
works well - as that lets you also detect expiry of intermediate certificates.
With
-showcerts one can also send the results of 'openssl verify' and catch a whole
raft of other issues too - which go a bit beyond the expiry.
Dw.
