We use SSL vHosts[1] a lot on our server. All certs are signed by CAcert with a validity of 2 years. That does not last very long, so the expiry dates have to be checked frequently.
So how do we do that?
```sh
vhost=hg.xilab.net ; \
echo QUIT | gnutls-cli $vhost --print-cert \
| grep "CN=$vhost"
```
The command gnutls-cli --print-cert connects to the host using SNI and prints the whole certificate chain. In this case the expires line of the host cert is our target. Voilà.
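The same check as a script that pulls out the expiry date and compares it against a warning threshold. This is an added example, not part of the original post. It assumes GnuTLS 3.x style output and GNU date; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn the one-liner into an expiry check.
# Assumptions: GnuTLS 3.x style output (expires `YYYY-MM-DD HH:MM:SS UTC')
# and GNU date for `date -d`. Function names are hypothetical.

# Constructed sample of gnutls-cli --print-cert output (not captured from a real host).
sample_output() {
cat <<'EOF'
- Certificate[0] info:
 - subject `CN=hg.example.test', issuer `CN=Example CA', activated `2013-03-01 10:00:00 UTC', expires `2015-03-01 10:00:00 UTC'
- Certificate[1] info:
 - subject `CN=Example CA', issuer `CN=Example Root', activated `2010-01-01 00:00:00 UTC', expires `2030-01-01 00:00:00 UTC'
EOF
}

# Print the expiry timestamp of the first certificate whose line mentions CN=$1.
# -F keeps the dots in the host name from acting as regex wildcards.
expiry_of() {
    grep -F "CN=$1" | sed -n "s/.*expires \`\([^']*\)'.*/\1/p" | head -n 1
}

# Reads gnutls-cli output on stdin. $1 host, $2 warning threshold in days,
# $3 optional "now" in epoch seconds (defaults to the current time).
# Returns 0 ok, 1 expiring soon, 2 expired, 3 unknown.
check_expiry() {
    expires=$(expiry_of "$1")
    [ -n "$expires" ] || { echo "UNKNOWN $1: no expires field found"; return 3; }
    exp=$(date -u -d "$expires" +%s) || return 3
    now=${3:-$(date +%s)}
    days=$(( (exp - now) / 86400 ))
    if [ "$exp" -le "$now" ]; then
        echo "EXPIRED $1: $expires"; return 2
    elif [ "$days" -lt "$2" ]; then
        echo "WARNING $1: $days days left ($expires)"; return 1
    fi
    echo "OK $1: $days days left ($expires)"
}

# Live use: ./check-cert.sh hg.xilab.net 30
if [ "$#" -ge 1 ]; then
    echo QUIT | gnutls-cli "$1" --print-cert 2>/dev/null | check_expiry "$1" "${2:-30}"
fi
```

The exit status follows the usual monitoring-plugin convention, so the script can be called from cron or a monitoring system once per vhost.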
-
[1] The tech is called SNI (Server Name Indication).