Hi,
i have a more ’ i will make it easier for me’ question.
Today i get a call from an employee that he can not login in the vpn anymore.
The message was clear, the cert for the vpn was eol.
My question is. Has someone an idea how i can get a warning a week or 2 before an clientcert will come to it’s eol?
It’d not critical or important, it’s more a nice to have for me.
Silvio
Hi Silvio,
it felt 100.000 year ago but there was an attempt in the old forum to work on such a script. The development history is in german --> https://forum.ipfire.org/viewtopic.php?t=11513 (may useful for you ?) but the script is also presant in here --> https://gitlab.com/ummeegge/scripts/-/blob/master/ovpn_cert_expiration_check.sh .
Attention!!!: Am currently not sure if/how it works so you should test it first if you are interested in it. The sendEmail part is commented (you need to configure it, same with GPG since the script want´s to crypt such mails), the script is in debugging mode and the preparation directory (under /tmp) won´t be deleted to dig deeper into potential problems, so some stuff has to be done before but i think you can use it on a dry mode without deleting the internet 
.
If you are interested in it, feel free to extend it and if you want deliver here some extension, bugs or/and feedback you are welcome to do so.
Best,
Erik
Thanks Erik,
i will have a look on it.
Silvio
Hi Silvio,
are there any news in this subject ? If yes, the Wiki can may be modified.
Best,
Erik
The script from ummeegge works like a charme!
Greetz
Thanks for your check and your feedback, Wiki has been adapted --> https://wiki.ipfire.org/optimization/scripts/ovpcertstat .
Best,
Erik