Scanning and Reporting on SSL Cert Expiry Dates – an SSL Certificate Scanner using bash, php and jQuery

A while ago I cooked up a bash script to scan relevant internal subnets for ssl certs, save/parse a copy of the x509 data and list all the discovered info in a delimited text file for analysis in a spreadsheet.

This works well by itself, but for the convenience of quick lookups without involving excel or libreoffice, a web page can be useful. PHP provides a simple method for converting a delimited file into a table (fgetcsv() ), and jQuery has a great plugin called tablesorter which allows you to do some quick sorting and filtering right there in the browser. It didnt take long to mash these together into a one script web page to display the sortable certificate data at a glance.

Sample screenshot:

Screenshot sample of scancerts

The sample only shows the three dummy values I’ve included in the demo, but I’ve used this in production with 600+ scanned certs and it works well.

Scancerts has two main components:

  1. Bash script which eats a text file containing a list of networks to scan, uses openssl, sed, awk, grep, cut, etc to generate another text file containing a delimited list of discovered certs.
  2. PHP script which turns the delimited text file into a HTML table, and augments it with some jQuery so your browser can sort and filter the HTML table on the fly.

Installation Steps

  1. Create a web-accessible folder on your linux box
  2. Unpack the files in the provided archive to the web folder
  3. Make sure file/folder permissions are set correctly (and you can run PHP!)
  4. Add the subnets you want to scan into ‘subnets.txt’
  5. Make ‘scancerts’ executable
  6. Run scancerts and optionally add it to cron
  7. View a nice sortable html list of discovered certs

Download: scancerts_v0.1.tar.gz


  • Avatar
    Mark J
    November 5, 2013 - 1:09 am | Permalink

    This is just what the doctor ordered! You’re awesome.

    BTW, any other way to do it without timeout? It doesn’t exist in Centos and had to strip that part out.

  • November 24, 2015 - 7:10 pm | Permalink

    I’m looking into this application, since it has very practical benefits. I’ll try to extend it.

    My goal is to have ‘sslscan’ do the scanning and to render its output in HTML tables, and to have the bash script replaced with some code that handles variable length subnet masks.

    If you have been working on this since this post was published, let me know.

    With kind regards,
    Jelmer de Reus

    • November 24, 2015 - 9:54 pm | Permalink

      Hi Jelmer – I actually started re-implementing this in python awhile ago. I’ll look at finishing it off and posting something here in case it is useful.

  • Avatar
    December 3, 2015 - 4:19 am | Permalink

    Hey Glen,

    Just found this article and your site and I’d definitely be interested in seeing your python version of this. If I could add a request, the ability to add specific port scanning such as 7443, 8443) for certain subnets is something that would be super helpful. Right now I’ve been doing the same thing, bash script + awk/grep/sed for cleaning it up in to a csv but I’d like to have something cleaner and that I can throw on a webserver+cron!


  • December 3, 2015 - 4:35 pm | Permalink

    Hi Shawn – I’m doing the python version of this now and I’ll look at adding custom port options as well.

  • Leave a Reply

    Your email address will not be published. Required fields are marked *