2004-09-10 14:16:06 +00:00
|
|
|
<?xml version='1.0' encoding='utf-8'?>
|
|
|
|
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
|
2007-10-24 14:03:17 +00:00
|
|
|
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
|
|
|
|
|
|
|
|
<!ENTITY date SYSTEM "date.xml">
|
|
|
|
<!ENTITY version SYSTEM "version.xml">
|
|
|
|
|
|
|
|
]>
|
|
|
|
|
2004-09-10 14:16:06 +00:00
|
|
|
<refentry>
|
|
|
|
|
|
|
|
<refentryinfo>
|
2007-10-24 14:03:17 +00:00
|
|
|
<date>&date;</date>
|
|
|
|
<title>Cryptography Utilities</title>
|
2004-09-10 14:16:06 +00:00
|
|
|
<productname>crypto-utils</productname>
|
2007-10-24 14:03:17 +00:00
|
|
|
<productnumber>&version;</productnumber>
|
2004-09-10 14:16:06 +00:00
|
|
|
</refentryinfo>
|
|
|
|
|
|
|
|
<refmeta>
|
|
|
|
<refentrytitle>certwatch</refentrytitle>
|
|
|
|
<manvolnum>1</manvolnum>
|
|
|
|
</refmeta>
|
|
|
|
|
|
|
|
<refnamediv>
|
|
|
|
<refname>certwatch</refname>
|
|
|
|
<refpurpose>generate SSL certificate expiry warnings</refpurpose>
|
|
|
|
</refnamediv>
|
|
|
|
|
|
|
|
<refsynopsisdiv>
|
|
|
|
<cmdsynopsis>
|
|
|
|
<command>certwatch</command>
|
2005-04-26 09:20:45 +00:00
|
|
|
<arg choice="opt">OPTION...</arg>
|
2004-09-10 14:16:06 +00:00
|
|
|
<arg choice="plain"><replaceable>filename</replaceable></arg>
|
|
|
|
</cmdsynopsis>
|
|
|
|
</refsynopsisdiv>
|
|
|
|
|
|
|
|
<refsect1>
|
|
|
|
<title>Description</title>
|
|
|
|
|
|
|
|
<para>The <command>certwatch</command> program is used to issue
|
|
|
|
warning mail when an SSL certificate is about to expire.</para>
|
|
|
|
|
|
|
|
<para>The program has two modes of operation: normal mode and
|
|
|
|
quiet mode. In normal mode, the certificate given by the
|
|
|
|
<replaceable>filename</replaceable> argument is examined, and a
|
|
|
|
warning email is issued to standard output if the certificate is
|
|
|
|
outside its validity period, or approaching expiry. If the
|
|
|
|
certificate cannot be found, or any errors occur whilst parsing
|
|
|
|
the certificate, the certificate is ignored and no output is
|
2005-04-26 09:20:45 +00:00
|
|
|
produced. In quiet mode, no output is given, but the exit status
|
|
|
|
can still be used.</para>
|
2008-05-01 01:25:10 +00:00
|
|
|
|
|
|
|
<para>The certificate can be specified by its nickname or by a
|
|
|
|
path to the containing file.</para>
|
2004-09-10 14:16:06 +00:00
|
|
|
|
2005-04-26 09:20:45 +00:00
|
|
|
</refsect1>
|
|
|
|
|
|
|
|
|
|
|
|
<refsect1>
|
|
|
|
<title>Options</title>
|
|
|
|
|
|
|
|
<variablelist>
|
|
|
|
|
|
|
|
<varlistentry>
|
2005-04-26 12:39:15 +00:00
|
|
|
<term><option>--quiet</option>, <option>-q</option></term>
|
2005-04-26 09:20:45 +00:00
|
|
|
|
|
|
|
<listitem><simpara>Enable quiet mode; no output is produced
|
|
|
|
whether the certificate is expired or not</simpara></listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
2005-04-26 12:39:15 +00:00
|
|
|
<term><option>--period <replaceable>days</replaceable></option>,
|
|
|
|
<option>-p <replaceable>days</replaceable></option></term>
|
2005-04-26 09:20:45 +00:00
|
|
|
|
|
|
|
<listitem><simpara>Specify the number of days within which an
|
|
|
|
expiry warning will be produced; default is 30. Expiry
|
|
|
|
warnings are always produced if, on the day of invocation, the
|
|
|
|
certificate is not yet valid, has already expired, or is due
|
|
|
|
to expire either that day or the following
|
|
|
|
day.</simpara></listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
2005-04-26 12:39:15 +00:00
|
|
|
<term><option>--address <replaceable>address</replaceable></option>,
|
|
|
|
<option>-a <replaceable>address</replaceable></option></term>
|
2005-04-26 09:20:45 +00:00
|
|
|
|
|
|
|
<listitem><simpara>Specify the address used in the To field of
|
|
|
|
the warning e-mail issued if quiet mode is not enabled. The
|
|
|
|
default is <literal>root</literal>.</simpara></listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
2008-05-01 01:25:10 +00:00
|
|
|
<varlistentry>
|
|
|
|
<term><option>--directory <replaceable>cert-directory</replaceable></option>,
|
|
|
|
<option>-d <replaceable>cert-directory</replaceable></option></term>
|
|
|
|
|
|
|
|
<listitem><simpara>Specify the database directory containing the certificate
|
|
|
|
and key database files. The default is yet to be determined.</simpara></listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
2005-04-26 09:20:45 +00:00
|
|
|
</variablelist>
|
2004-09-10 14:16:06 +00:00
|
|
|
</refsect1>
|
|
|
|
|
|
|
|
<refsect1>
|
|
|
|
<title>Diagnostics</title>
|
|
|
|
|
2005-04-26 09:20:45 +00:00
|
|
|
<para>The exit code indicates the state of the certificate:</para>
|
2004-09-10 14:16:06 +00:00
|
|
|
|
|
|
|
<variablelist>
|
|
|
|
<varlistentry>
|
|
|
|
<term><emphasis>0</emphasis></term>
|
|
|
|
|
|
|
|
<listitem><simpara>The certificate is outside its validity
|
|
|
|
period, or approaching expiry</simpara></listitem>
|
|
|
|
</varlistentry>
|
|
|
|
|
|
|
|
<varlistentry>
|
|
|
|
<term><emphasis>1</emphasis></term>
|
|
|
|
|
|
|
|
<listitem><simpara>The certificate is inside its validity
|
|
|
|
period, or could not be parsed</simpara></listitem>
|
|
|
|
</varlistentry>
|
|
|
|
</variablelist>
|
|
|
|
</refsect1>
|
|
|
|
|
|
|
|
<refsect1>
|
|
|
|
<title>Notes</title>
|
|
|
|
|
|
|
|
<para>The <command>certwatch</command> program is run daily by
|
|
|
|
<command>crond</command> from the file
|
2007-10-24 14:03:17 +00:00
|
|
|
<filename>/etc/cron.daily/certwatch</filename> to generate warning
|
|
|
|
mail concerning the imminent expiry of SSL certificates configured
|
|
|
|
for use in the Apache HTTP server. These warnings can be disabled
|
|
|
|
by adding the line: <literal>NOCERTWATCH=yes</literal> to the file
|
|
|
|
<filename>/etc/sysconfig/httpd</filename>. Additional options to
|
|
|
|
pass to <command>certwatch</command> can be specified in that file
|
|
|
|
in the <literal>CERTWATCH_OPTS</literal> environment
|
|
|
|
variable.</para>
|
2004-09-10 14:16:06 +00:00
|
|
|
|
|
|
|
</refsect1>
|
|
|
|
|
|
|
|
<refsect1>
|
|
|
|
<title>Files</title>
|
|
|
|
|
2007-10-24 14:03:17 +00:00
|
|
|
<para><filename>/etc/cron.daily/certwatch</filename>,
|
|
|
|
<filename>/etc/sysconfig/httpd</filename></para>
|
2004-09-10 14:16:06 +00:00
|
|
|
</refsect1>
|
2005-04-26 09:20:45 +00:00
|
|
|
|
|
|
|
<refsect1>
|
|
|
|
<title>See also</title>
|
|
|
|
|
|
|
|
<para>genkey(1)</para>
|
|
|
|
</refsect1>
|
2004-09-10 14:16:06 +00:00
|
|
|
|
|
|
|
</refentry>
|