
Show HN: Dogtag PKI certificate expiry notification and auto-renewal - eveith
https://github.com/eveith/dogtag-notify-expiring-certificates
======
eveith
This repository contains two simple Perl5 scripts that:

1\. Check for certificates that are about to expire, and notify the owner, 2\.
automatically renew a local certificate if it is about to expire.

The scripts work with the Dogtag PKI
([http://pki.fedoraproject.org/](http://pki.fedoraproject.org/)). Their raîson
d'être lies in the necessity of many companies to have their own PKI, which
then also is used to identify internal servers (instead of, for example, Let's
Encrypt). However, there is not automatic certificate renewal for those server
certificates (as the ACME protocol clients provide, for example), even though
a certificate may be automatically renewed through the corresponding
certificate profile. Additionally, there is no easy way to notify users (not
servers!) that their certificate is about to expire and they need to renew it
(if they can and may do so).

I hope somebody finds them useful. :)

