Check Certificate Revocation List

I couldn’t find any existing CRL check that worked that could hit a URL and check the next update time on a CRL file. Also I didn’t want to use any weird libraries other than curl and openssl. So I wrote this.

Download the script

Usage: ./check_crl_url -U <url> -w <days> -c <days>

Expected output looks like this:

CRL OK: Expires in 4 Day(s) 21 Hour(s) 55 Minute(s) 24 Second(s).

  4 comments for “Check Certificate Revocation List

  1. May 11, 2015 at 13:34

    i received an error when configure this. error message ‘CRL UNKNOWN: Couldn’t read CRL file. ‘

  2. May 11, 2015 at 14:15

    The url you provide to the the script should be the location of the CRL file.

  3. red
    September 25, 2015 at 04:40

    I’ve done that but still unable to get CRL expiry with same error CRL Unknown. the location of CRL is accessible via http. any idea?

    my service
    define service {
    use generic-service
    host_name crl
    service_description Check CRL comodoca PositiveSSLCA2
    check_command check_crl_url!http://EVIntl-crl.verisign.com/EVIntl2006.crl!15!10
    }

    my command
    # ‘check_crl_url’ command definition
    define command{
    command_name check_crl_url
    command_line $USER1$/check_crl_url -U $ARG3$ -w $ARG1$ -c $ARG2$
    }

  4. May 24, 2016 at 23:26

    It looks like you have your command arguments being passed in the wrong order. It seems to be working ok here:

    ./check_crl_url -U http://EVIntl-crl.verisign.com/EVIntl2006.crl -w 15 -c 10
    CRL CRITICAL: Expires in 6 Day(s) 14 Hour(s) 36 Minute(s) 48 Second(s).

Leave a Reply