Community discussions

MikroTik App
 
Krusty
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 75
Joined: Fri May 02, 2008 11:14 pm

Check certificate "valid days" and send email if lover than Xdays

Mon Nov 21, 2022 10:40 am

Hello,
first of all, Im bad at scripting :/
can I have someone more skilled to do this scenario script? I think Im not the only one who would appreciated this when using certificates in mikrotik (for example for OVPN)

- check all certificates in store for days valid
- if any certificate is lower than X days (need to be configurable)
- get system identity, certificate name, certificate common name, fingerprint, number of days till expired
- send info via tool email to email address (need to be configurable)


thank you in advance
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Check certificate "valid days" and send email if lover than Xdays

Mon Nov 21, 2022 12:05 pm

replace :put with something that sent that string by mail.
{
:local days 21d ; # Keep the d for days at the end, or can be used w for week
/certificate
:foreach item in=[find] do={
    :if (([get $item expires-after] < $days) and ![get $item expired]) do={
        :put "On >$[/sys id get name]< the certificate $[get $item name] ($[get $item common-name]) \
              [$[get $item fingerprint]] expires after $[get $item expires-after] ($[get $item invalid-after])"
    }
    :if ([get $item expired]) do={
        :put "On >$[/sys id get name]< the certificate $[get $item name] ($[get $item common-name]) \
              [$[get $item fingerprint]] ALREADY EXPIRED on $[get $item invalid-after]"
    }
}
}
 
Krusty
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 75
Joined: Fri May 02, 2008 11:14 pm

Re: Check certificate "valid days" and send email if lover than Xdays

Mon Nov 21, 2022 1:00 pm

Thank you, i have made some changes, but Im not succesful with this
{
edited, fixed in next post
}
Last edited by Krusty on Mon Nov 21, 2022 2:01 pm, edited 1 time in total.
 
Krusty
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 75
Joined: Fri May 02, 2008 11:14 pm

Re: Check certificate "valid days" and send email if lover than Xdays  [SOLVED]

Mon Nov 21, 2022 2:00 pm

Got it working

here it is :)
# days - Keep the d for days at the end, or can be used w for week
# mailto - Email where to send info
# subject1 - Email subject for soon to be expired
# subject2 - Email subject for expired certificates

{
:local days 30d;
:local mailto "admin@domain.com";
:local subject1 "Certificate expires soon";
:local subject2 "Certificate expired";
/certificate
:foreach item in=[find] do={
    :if (([get $item expires-after] < $days) and ![get $item expired]) do={
       :tool e-mail send to=$mailto subject=$subject1 body="Hello,\n\nCertificate on Mikrotik named $[/sys id get name] is about to expire \n\ncertificate name:\t$[get $item name] \ncommon name:\t($[get $item common-name])\nfingerpint:\t\t[$[get $item fingerprint]]\n\nexpires after:\t\t$[get $item expires-after]\nexpiration date:\t($[get $item invalid-after])"
    }
    :if ([get $item expired]) do={
        :tool e-mail send to=$mailto subject=$subject2 body="Hello,\n\nCertificate on Mikrotik named $[/sys id get name] expired \n\ncertificate name:\t$[get $item name] \ncommon name:\t($[get $item common-name])\nfingerpint:\t\t[$[get $item fingerprint]]\n\nEXPIRED on:\t\t$[get $item invalid-after]"
    }
  }
}
Last edited by Krusty on Thu Nov 24, 2022 8:34 am, edited 2 times in total.
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: Check certificate "valid days" and send email if lover than Xdays

Mon Nov 21, 2022 6:12 pm

You may be interested in my script to Renew certificates and notify on expiration. It does what you need, and a lot more.

Who is online

Users browsing this forum: rano and 21 guests