For a big org, SSL certs can sometimes be a bitch to manage. I recently started a project to track all the SSL-enabled devices on our medium-sized network, and it came out to something in the low four-digits. As you might assume, not all of them are CA-signed, and many of them expire without anyone ever realizing it.
I wrote a couple scripts to manage bulk-checking SSL certs on a network. One of them uses Curl's Mozilla root CA .pem file and follows the chain to verify a cert is really signed and not expired. https://github.com/psypete/public-bin/tree/public-bin/src/ne...
I wrote a couple scripts to manage bulk-checking SSL certs on a network. One of them uses Curl's Mozilla root CA .pem file and follows the chain to verify a cert is really signed and not expired. https://github.com/psypete/public-bin/tree/public-bin/src/ne...