Fed up with expired SSLs that block systems?
I wanted a system that warns me when a cert is about to expire, or that tells me when some certs are at risk (e.g. weak encryption or algo). It provides a website and email alerting.
The solution is a bit rough around the edges.
- There is NO installation script. Read the installation documentation at the bottom of this document. Contact me jl(.)dupont[@]gmail(.)com if you're stuck.
- There is NO user management. It's open source. Feel free to add it ;)
- Snapshots
  - Main page. Gives you a global status of your sites using SSL.
  - Certificate setting page. Define what you believe are acceptable SSL/TLS protocols and ciphers.
  - Add/Remove sites
  - Email report example
- How to install
  - Runs on Linux. Developed on Ubuntu 20.0
  - Must have:
    - Python 3
    - MySQL
    - PHP
    - Smarty (https://www.smarty.net/quick_install)
    - SSLyze (https://nabla-c0d3.github.io/sslyze/documentation/installation.html)
    - An authenticating mail server listening on TCP/465
  - Get the source of the solution: https://github.com/jeanlucdupont/certchecker.git
  - Database
    - Connect to your mysql console (you must have enough rights to create a DB).
    - Do 'source certchecker.sql' from your mysql console.
  - Web server
    - Copy the www subdir to /var/www/html/certchecker
    - Modify your Apache configuration accordingly
    - Edit /var/www/html/certchecker/connect_db.php and put in the right login/password/IP
    - Try the web server.
    - Add sites (e.g. 192.168.1.2, www.abcdefghuj.com:1088, omg.org). No http/https prefix.
    - Add an email address in email settings
  - Scripts
    - Edit db_common.py and put in the right login/password/IP
    - Edit mailer.py and change the values for C_USER, C_PWD and C_SMTPSERVER
    - Run certchecker.py and look for errors. If a module is missing, add it with pip3
    - Run mailer.py and look for errors. If a module is missing, add it with pip3
    - Schedule certchecker.py and mailer.py to run daily (cron, or cron.daily). Make sure mailer.py is run after certchecker.py
  - Profit
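
The expiry warning described at the top of this page, as an added Python 3 example using only the standard library; it is not code from certchecker, which relies on SSLyze. The function names, the 30-day `WARN_DAYS` threshold and the default port 443 are assumptions; site entries follow the `host` or `host:port` form used when adding sites.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

DEFAULT_PORT = 443  # assumption: entries without a port mean HTTPS
WARN_DAYS = 30      # assumed warning threshold, not a certchecker value

def parse_site(entry):
    """Split 'host' or 'host:port' (no scheme, no IPv6 literals) into (host, port)."""
    entry = entry.strip()
    if "://" in entry:
        raise ValueError(f"remove the scheme from {entry!r}")
    host, sep, port = entry.rpartition(":")
    if not sep:
        return entry, DEFAULT_PORT
    if not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"bad site entry {entry!r}")
    return host, int(port)

def classify(not_after, now=None, warn_days=WARN_DAYS):
    """Map a notAfter string ('Jun  1 12:00:00 2030 GMT') to (status, days left)."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    left = (expires - (now or datetime.now(timezone.utc))).days
    if left < 0:
        return "expired", left
    return ("expiring" if left <= warn_days else "ok"), left

def fetch_not_after(host, port, timeout=5.0):
    """Read notAfter from the leaf certificate over a verified TLS handshake."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]

def check_site(entry):
    host, port = parse_site(entry)
    try:
        return classify(fetch_not_after(host, port))
    except ssl.SSLCertVerificationError as exc:
        # An already-expired or untrusted certificate fails verification outright.
        return "invalid", exc.verify_message
    except OSError as exc:
        return "unreachable", str(exc)

if __name__ == "__main__":
    for site in sys.argv[1:]:
        print(site, *check_site(site))
```

Because the handshake verifies the chain, a certificate that has already expired is reported as `invalid` rather than `expired`; the `expired` status applies when `classify` is given a stored `notAfter` value.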