Generate list of soon expiring certificates


we have created around 120 users in the Ipfire under OpenVPN. These certificates will soon expire, now I have to click into each individual certificate to see the expiry date.

Is there a way to generate a list of the certificates that are about to expire?



You will have to do it from the console command line with a script.

The command to find the end date from the certs is

cat /var/ipfire/ovpn/certs/xxxxxcert.pem | openssl x509 -noout -enddate

where xxxxx is the connection name for each user. Your script just needs to cycle through all the xxxxxcert.pem files in /var/ipfire/ovpn/certs

The above command gives the following example output

notAfter=Dec  2 19:34:21 2022 GMT

which can then be filtered by the script as desired.

If I type the command in putty, it works fine…

How can I create a cycle through all pem files? With an array?

searching for “bash loop through files in directory” gets lots of links on how to do that.

Matthias, here’s a short script …

cd /var/ipfire/ovpn/certs/
for f in $(ls *cert.pem); do 
  z=`cat $f | openssl x509 -noout -enddate`; 
  printf "%s \t %s \n"  "$f" "$z" ; 
1 Like