CheckMyCerts: Your Certificate Checker
I wrote this because I got tired of looking up certificates in different ways, and also to run it through bulk hosts/ports. Export your Nessus components, give them to this bad boy, and there we have a nice nifty terminal output in tabular format (also exportable to CSV).
Key Features
Retrieve Certificate Details: CheckMyCerts fetches key details of SSL/TLS certificates from specified hosts and ports. This includes the certificate's subject name, issuer, issuance date, and expiry date.
Self-Signed Certificate Detection: The tool identifies if a certificate is self-signed, which is vital for security assessments, as self-signed certificates are generally not trusted by web browsers.
Expiry Checks: It automatically compares the certificate's expiry date with the current system date to determine if a certificate has expired, helping administrators avoid website downtimes due to expired certificates.
Tabular Display: All data is presented in an easy-to-read tabular format, thanks to the PrettyTable library.
CSV Export Functionality: For further analysis or record-keeping, users can export the gathered certificate details to a CSV file.
Debug Mode: In case of errors or issues, a debug mode provides detailed error messages, aiding in troubleshooting.
Installation and Usage
Installation is straightforward. Clone the repository, navigate to the directory, and install the required packages using pip.
CheckMyCerts can be run from the command line with options to check a single host and port or multiple entries from a file. A debug mode can also be enabled for detailed error reporting.
Under the Hood
CheckMyCerts is written in Python, a choice made for its versatility and ease of use. It uses the subprocess module to interact with OpenSSL, a robust tool for SSL/TLS certificate management. The script then parses the output, organizes the data, and displays it using the PrettyTable library for enhanced readability.
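How the subprocess-and-parse flow described above could look, as an added example that is not CheckMyCerts' own code. The function names, the openssl arguments chosen and the subject-equals-issuer heuristic for self-signed detection are assumptions, and SAMPLE is constructed output.

```python
import subprocess
from datetime import datetime, timezone

# Constructed sample of `openssl x509 -noout -subject -issuer -dates` output.
SAMPLE = """subject=CN = intranet.example.test
issuer=CN = intranet.example.test
notBefore=Jan  5 00:00:00 2020 GMT
notAfter=Jan  4 23:59:59 2021 GMT
"""

def fetch_cert_text(host, port, timeout=10):
    """Fetch the leaf certificate and return openssl's text summary."""
    # Argument lists (no shell=True) keep hostnames read from a bulk file
    # from being interpreted by a shell.
    handshake = subprocess.run(
        ["openssl", "s_client", "-connect", f"{host}:{port}", "-servername", host],
        input=b"", capture_output=True, timeout=timeout)
    summary = subprocess.run(
        ["openssl", "x509", "-noout", "-subject", "-issuer", "-dates"],
        input=handshake.stdout, capture_output=True, timeout=timeout, check=True)
    return summary.stdout.decode("utf-8", "replace")

def parse_cert_text(text, now=None):
    """Turn openssl's key=value lines into one report row."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    missing = {"subject", "issuer", "notBefore", "notAfter"} - fields.keys()
    if missing:
        raise ValueError(f"openssl output lacks: {sorted(missing)}")

    def to_utc(stamp):
        # Collapse the padding openssl uses for single-digit days ("Jan  5").
        stamp = " ".join(stamp.split())
        parsed = datetime.strptime(stamp, "%b %d %H:%M:%S %Y GMT")
        return parsed.replace(tzinfo=timezone.utc)

    now = now or datetime.now(timezone.utc)
    not_after = to_utc(fields["notAfter"])
    return {
        "subject": fields["subject"],
        "issuer": fields["issuer"],
        "issued": to_utc(fields["notBefore"]),
        "expires": not_after,
        # Heuristic: matching names means self-issued; the signature is not verified.
        "self_signed": fields["subject"] == fields["issuer"],
        "expired": now > not_after,
    }
```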
Conclusion
I do have more features planned for this, such as certificate trust checking, checks for expiration times longer than 39 months, and CN mismatch detection, which I plan for the next release. All contributions are welcome!