{"id":24499235,"url":"https://github.com/fabianoflorentino/certificate-validate","last_synced_at":"2025-04-14T05:32:40.957Z","repository":{"id":41820192,"uuid":"405229877","full_name":"fabianoflorentino/certificate-validate","owner":"fabianoflorentino","description":"Validate some info in SSL/TLS Certificates","archived":false,"fork":false,"pushed_at":"2025-01-20T21:22:55.000Z","size":257,"stargazers_count":3,"open_issues_count":6,"forks_count":2,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-05T18:51:53.056Z","etag":null,"topics":["python","python3","ssl","ssl-certificates","tls","tls-certificate"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fabianoflorentino.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-09-10T22:44:41.000Z","updated_at":"2024-11-11T22:10:38.000Z","dependencies_parsed_at":"2024-02-03T20:29:10.855Z","dependency_job_id":"b0671ce2-6e48-48d7-a68a-c2ed96a50916","html_url":"https://github.com/fabianoflorentino/certificate-validate","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fabianoflorentino%2Fcertificate-validate","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fabianoflorentino%2Fcertificate-validate/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fabianoflorentino%2Fcertificate-validate/releases","manifests_url":"https://repos.ecosy
ste.ms/api/v1/hosts/GitHub/repositories/fabianoflorentino%2Fcertificate-validate/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fabianoflorentino","download_url":"https://codeload.github.com/fabianoflorentino/certificate-validate/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248826718,"owners_count":21167732,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["python","python3","ssl","ssl-certificates","tls","tls-certificate"],"created_at":"2025-01-21T22:13:45.683Z","updated_at":"2025-04-14T05:32:40.934Z","avatar_url":"https://github.com/fabianoflorentino.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# **certificate-validate**\n\n[![Build Image (Dockerhub)](https://github.com/fabianoflorentino/certificate-validate/actions/workflows/ci.yml/badge.svg)](https://github.com/fabianoflorentino/certificate-validate/actions/workflows/ci.yml)\n\nValidate some info in SSL/TLS Certificates\n\n## **prerequisites**\n\n* Docker\n* Internet Access\n\n## **build**\n\n```shell\ndocker build --no-cache --rm -t \u003cNAME_OF_IMAGE\u003e -f ./Dockerfile .\n```\n\n## **configuration**\n\nCreate a directory for the configuration file:\n\n```shell\nmkdir -p \u003cPATH TO DIRECTORY\u003e\n```\n\nCreate a file named **settings.yml**.\n\nCopy **config/settings.yml** to the directory you created earlier:\n\n```shell\ncp config/settings.yml \u003cPATH TO DIRECTORY\u003e\n```\n\n### **settings.yml**\n\n| **variable** | **description** |\n| ------------- | --------------- 
|\n| check_time | Time to wait for the certificate to be validated. Optional; if not set, it defaults to **86400** |\n| **app_configs** |\n| name | Name of the application |\n| host | IP or DNS name of the application |\n| port | Port of the application |\n| environment | Environment of the application |\n| debug | Debug mode of the application |\n| **hosts** |\n| name | Name of the certificate to validate |\n| url | URL of the certificate to validate |\n| port | Port of the certificate to validate |\n\n```yml\n---\ncheck_time: 30\n\napp_configs:\n  - name: 'certificate-validate'\n    host: '0.0.0.0'\n    port: '5000'\n    environment: 'development'\n    debug: True \n\nhosts:\n  - name: \"github.com\"\n    url: 'github.com'\n    port: '443'\n```\n\n**OBS:**\n\nTo validate more than one certificate, add more hosts to the **settings.yml** file.\n\n```yml\nhosts:\n  - name: \"github\"\n    url: \"github.com\"\n    port: '443'\n  - name: \"gitlab\"\n    url: \"gitlab.com\"\n    port: '443'\n  - name: \"twitter\"\n    url: \"twitter.com\"\n    port: '443'\n```\n\n### **volume**\n\n```shell\ndocker volume create --driver local -o o=bind -o type=none -o device=\u003cDIR TO BIND\u003e \u003cNAME OF VOLUME\u003e\n```\n\n**Example:**\n\n```shell\ndocker volume create --driver local -o o=bind -o type=none -o device=/tmp/volume/certificate-validate certificate-validate\n```\n\n### **permissions**\n\n```shell\nchown -R 1000:1000 \u003cDIR TO BIND ON VOLUME\u003e\n```\n\n**Example:**\n\n```shell\nchown -R 1000:1000 /tmp/volume/certificate-validate\n```\n\n### **entrypoint**\n\n```shell\n\"\nusage: \n\nexport API_HOST_ADDRESS=\u003chostname\u003e or export API_HOST_ADDRESS=\u003cip\u003e\nexport API_PORT=\u003cport\u003e\n\n./entrypoint.sh [OPTIONS] [ARGUMENTS]\n\nEx. 
./entrypoint.sh -i dev || ./entrypoint.sh -i prod || ./entrypoint.sh -h\n\noptional arguments:\n    -v, --version       show program's version number and exit\n    -l, --local         run the program locally\n        --check_time    Time to wait for the certificate to be validated, is optional, if not set, it will be set to **86400**\n                        this time is configured in the **settings.yml** file\n        --exit          Consult once and exit\n    -i, --api           run the program on the API\n        dev             run the program locally on the development environment\n        prod            run the program on the production environment\n    -h, --help          show this help message and exit\n\"\n```\n\n### **run local**\n\n```shell\ndocker run -d --name certificate_validate_test \\\n-v \u003cNAME OF VOLUME\u003e:/app/config \\\nfabianoflorentino/certificate-validate:test --local --check_time\n```\n\n**Example:**\n\n```shell\ndocker run -d --name certificate_validate_test \\\n-v certificate-validate:/app/config \\\nfabianoflorentino/certificate-validate:test --local --check_time\n```\n\n### **status**\n\n```shell\nCONTAINER ID   IMAGE                                         COMMAND                  CREATED          STATUS          PORTS         NAMES\nd33be85a9e6b   fabianoflorentino/certificate-validate:test   \"/app/entrypoint.sh …\"   27 minutes ago   Up 27 minutes                 certificate_validate_test\n```\n\n### **run api**\n\n#### **dev**\n\n```shell\ndocker run -d --name certificate_validate_test \\\n-p 5000:5000 \\\n-v \u003cNAME OF VOLUME\u003e:/app/config \\\nfabianoflorentino/certificate-validate:test --api dev\n```\n\n#### **prod**\n\n```shell\ndocker run -d --name certificate_validate_test \\\n-p 5000:5000 \\\n-e API_HOST_ADDRESS=\u003chostname\u003e \\\n-e API_PORT=\u003cport\u003e \\\n-v \u003cNAME OF VOLUME\u003e:/app/config \\\nfabianoflorentino/certificate-validate:test --api prod\n```\n\n**Example:**\n\n```shell\ndocker 
run -d --name certificate_validate_test \\\n-p 5000:5000 \\\n-v certificate-validate:/app/config \\\nfabianoflorentino/certificate-validate:test --api dev\n```\n\n**OBS:**\nThe **api** option runs the application in **api mode**; the **check_time** option is ignored.\nCertificate information is validated at the time it is queried. If you want to validate the certificate periodically, you can use the **cron** option.\n\n### **endpoints**\n\n| **endpoints** | **description** |\n| ------------- | --------------- |\n| /api/v1/cert/info | Get the certificate information |\n\n#### **output**\n\n```json\n{\n     \"commonName\": \"github.com\",\n     \"subjectAltName\": \"['github.com', 'www.github.com']\",\n     \"issuer\": \"DigiCert High Assurance TLS Hybrid ECC SHA256 2020 CA1\",\n     \"type\": \"Organization Validation (OV) Web Server SSL Digital Certificate\",\n     \"notBefore\": \"2021-03-25 00:00:00\",\n     \"notAfter\": \"2022-03-30 23:59:59\",\n     \"daysLeft\": \"178\",\n     \"crl\": \"['http://crl3.digicert.com/DigiCertHighAssuranceTLSHybridECCSHA2562020CA1.crl', 'http://crl4.digicert.com/DigiCertHighAssuranceTLSHybridECCSHA2562020CA1.crl']\"\n}\n{\n     \"commonName\": \"gitlab.com\",\n     \"subjectAltName\": \"['gitlab.com', 'auth.gitlab.com', 'customers.gitlab.com', 'email.customers.gitlab.com', 'gprd.gitlab.com', 'www.gitlab.com']\",\n     \"issuer\": \"Sectigo RSA Domain Validation Secure Server CA\",\n     \"type\": \"Domain Validation (DV) Web Server SSL Digital Certificate\",\n     \"notBefore\": \"2021-04-12 00:00:00\",\n     \"notAfter\": \"2022-05-11 23:59:59\",\n     \"daysLeft\": \"220\",\n     \"crl\": \"CRL not found for this certificate!\"\n}\n{\n     \"commonName\": \"twitter.com\",\n     \"subjectAltName\": \"['twitter.com', 'www.twitter.com']\",\n     \"issuer\": \"DigiCert TLS RSA SHA256 2020 CA1\",\n     \"type\": \"Organization Validation (OV) Web Server SSL Digital Certificate\",\n     \"notBefore\": \"2021-02-09 00:00:00\",\n  
   \"notAfter\": \"2022-02-07 23:59:59\",\n     \"daysLeft\": \"127\",\n     \"crl\": \"['http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1.crl', 'http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1.crl']\"\n}\n```\n\n**OBS:** Outputs are in **json** format.\n\n### **logs**\n\n**RFC (Request for Comments):** [Internet X.509 Public Key Infrastructure Certificate and CRL Profile](https://www.rfc-editor.org/rfc/rfc2459#section-4.1)\n\n| **fields** | **description** |\n| ------------- | --------------- |\n| \"commonName\" | Common Name of the certificate |\n| \"subjectAltName\" | Subject Alternative Name of the certificate |\n| \"issuer\" | Issuer of the certificate |\n| \"type\" | Type of the certificate |\n| \"notBefore\" | Not Before of the certificate |\n| \"notAfter\" | Not After of the certificate |\n| \"daysLeft\" | Days left until the certificate expires |\n| \"crl\" | Certificate Revocation List of the certificate |\n\n**OBS**: daysLeft is not part of the RFC; it is calculated from the current date and the notAfter field.\n\n```shell\ndocker exec -it \u003cCONTAINER NAME\u003e cat /app/certificate.log\n```\n\n## **actions**\n\n| **environment** | **description** |\n| --------------- | ---------------- |\n| DOCKERHUB | Environment configured on GitHub |\n\n[**Environments**](https://docs.github.com/en/actions/reference/environments)\n\n* [**Creating**](https://docs.github.com/en/actions/reference/environments#creating-an-environment)\n\n| **variable** | **description** |\n| ------------- | --------------- |\n| secrets.DOCKERHUB_USERNAME | Username of the Docker Hub account |\n| secrets.DOCKERHUB_TOKEN | Token of the Docker Hub account |\n| GITHUB_REPOSITORY | Your GitHub repository needs to have the same name as the Docker Hub repository |\n\n* [**secrets**](https://docs.github.com/en/actions/reference/encrypted-secrets)\n\n    \"Encrypted secrets allow you to store sensitive information in your organization, repository, or repository environments.\"\n\n* [**Workflow 
syntax for GitHub Actions**](https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions)\n\n    \"A workflow is a configurable automated process made up of one or more jobs. You must create a YAML file to define your workflow configuration.\"\n\n### **CI**\n\n```yaml\n---\nname: CI\n\non:\n  push:\n    branches:\n      - main\n    paths-ignore:\n      - 'README.md'\n      - 'LICENSE'\n      - 'docs/**'\n      - '.github/**'\n\njobs:  \n  build:\n    environment: DOCKERHUB\n    name: Build and Push to Docker Hub\n    runs-on: ubuntu-latest\n\n    steps:\n      # Checkout the repository\n      - name: Checkout\n        uses: actions/checkout@v2\n\n      # Login to Docker Hub\n      - name: Login\n        run: docker login -u ${{ secrets.DOCKERHUB_USERNAME }} -p ${{ secrets.DOCKERHUB_TOKEN }}\n\n      # Build the image\n      - name: Build\n        run: |\n          docker build \\\n          --no-cache \\\n          --rm \\\n          -t $GITHUB_REPOSITORY:latest \\\n          -f ./Dockerfile .\n      \n      # Push the image to Docker Hub\n      - name: Push\n        run: docker push $GITHUB_REPOSITORY:latest\n\n```\n\n### **Pylint**\n\n```yaml\nname: Pylint\n\non:\n  push:\n    branches:\n      - main\n    paths-ignore:\n      - 'README.md'\n      - 'LICENSE'\n      - 'docs/**'\n      - '.github/**'\n\njobs:\n  build:\n\n    runs-on: ubuntu-latest\n\n    steps:\n    - uses: actions/checkout@v2\n    - name: Set up Python 3.9\n      uses: actions/setup-python@v2\n      with:\n        python-version: 3.9\n    - name: Install dependencies\n      run: |\n        python -m pip install --upgrade pip\n        python -m pip install -r ./requirements.txt\n        pip install pylint\n    - name: Analysing the code with pylint\n      run: |\n        pylint `ls -R|grep .py$|xargs`\n\n```\n\n### **CodeQL**\n\n```yaml\nname: \"CodeQL\"\n\non:\n  push:\n    branches:\n      - main\n    paths-ignore:\n      - 'README.md'\n      - 'LICENSE'\n      - 'docs/**'\n  
    - '.github/**'\n\njobs:\n  analyze:\n    name: Analyze\n    runs-on: ubuntu-latest\n    permissions:\n      actions: read\n      contents: read\n      security-events: write\n\n    strategy:\n      fail-fast: false\n      matrix:\n        language: [ 'python' ]\n\n    steps:\n    - name: Checkout repository\n      uses: actions/checkout@v2\n\n    # Initializes the CodeQL tools for scanning.\n    - name: Initialize CodeQL\n      uses: github/codeql-action/init@v1\n      with:\n        languages: ${{ matrix.language }}\n\n    - name: Autobuild\n      uses: github/codeql-action/autobuild@v1\n\n    - name: Perform CodeQL Analysis\n      uses: github/codeql-action/analyze@v1\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffabianoflorentino%2Fcertificate-validate","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffabianoflorentino%2Fcertificate-validate","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffabianoflorentino%2Fcertificate-validate/lists"}