crypto-utils/certwatch.xml

92 lines
2.8 KiB
XML
Raw Normal View History

<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<refentry>
<refentryinfo>
<productname>crypto-utils</productname>
<date>September 2004</date>
</refentryinfo>
<refmeta>
<refentrytitle>certwatch</refentrytitle>
<manvolnum>1</manvolnum>
</refmeta>
<refnamediv>
<refname>certwatch</refname>
<refpurpose>generate SSL certificate expiry warnings</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>certwatch</command>
<arg choice="opt"><option>-q</option></arg>
<arg choice="plain"><replaceable>filename</replaceable></arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>Description</title>
<para>The <command>certwatch</command> program is used to issue
warning mail when an SSL certificate is about to expire.</para>
<para>The program has two modes of operation: normal mode and
quiet mode. In normal mode, the certificate given by the
<replaceable>filename</replaceable> argument is examined, and a
warning email is issued to standard output if the certificate is
outside its validity period, or approaching expiry. If the
certificate cannot be found, or any errors occur whilst parsing
the certificate, the certificate is ignored and no output is
produced.</para>
<para>In quiet mode (when the <literal>-q</literal> argument is
given), no output is ever produced.</para>
</refsect1>
<refsect1>
<title>Diagnostics</title>
<para>In both modes of operation, the exit code indicates the
state of the certificate:</para>
<variablelist>
<varlistentry>
<term><emphasis>0</emphasis></term>
<listitem><simpara>The certificate is outside its validity
period, or approaching expiry</simpara></listitem>
</varlistentry>
<varlistentry>
<term><emphasis>1</emphasis></term>
<listitem><simpara>The certificate is inside its validity
period, or could not be parsed</simpara></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>Notes</title>
<para>The <command>certwatch</command> program is run daily by
<command>crond</command> from the file
<filename>/etc/cron.daily/certwatch</filename> to warn about the
imminent expiry of SSL certificates configured for use in the
Apache HTTP server. This warning can be disabled by adding the
line: <literal>NOCERTWATCH=yes</literal> to the file
<filename>/etc/sysconfig/httpd</filename>.</para>
</refsect1>
<refsect1>
<title>Files</title>
<para><filename>/etc/cron.daily/certwatch</filename></para>
</refsect1>
</refentry>