Show HN: Dogtag PKI certificate expiry notification and auto-renewal
github.comThis repository contains two simple Perl5 scripts that:
1. Check for certificates that are about to expire, and notify the owner, 2. automatically renew a local certificate if it is about to expire.
The scripts work with the Dogtag PKI (http://pki.fedoraproject.org/). Their raîson d'être lies in the necessity of many companies to have their own PKI, which then also is used to identify internal servers (instead of, for example, Let's Encrypt). However, there is not automatic certificate renewal for those server certificates (as the ACME protocol clients provide, for example), even though a certificate may be automatically renewed through the corresponding certificate profile. Additionally, there is no easy way to notify users (not servers!) that their certificate is about to expire and they need to renew it (if they can and may do so).
I hope somebody finds them useful. :)