Projects / x509watch


x509watch is a simple command line application that can be used to list soon expiring or already expired X.509 certificates, such as SSL certificates. All certificates are searched by default in the standard PKI directory, but any other directory can be specified as a parameter. Only Base64 encoded DER and PEM X.509 certificates are supported.

Operating Systems

Recent releases

  •  29 Nov 2013 07:50

    Release Notes: Works (again) around Y2K38 problems on systems with 32-bit Perl. Adds support for systemd timers alternatively to classical cron jobs. Excludes new Root Certificate Authority bundles "email-ca-bundle.pem", "objsign-ca-bundle.pem", and "tls-ca-bundle.pem" used by/for p11-kit, which are e.g. introduced with Fedora 19 and Red Hat Enterprise Linux 6.5.

    •  26 Jun 2011 16:54

      Release Notes: This release works around the Y2K38 problem on systems with older 32-bit Perl. It excludes the new Root CA bundle "" in Fedora. It updates the copy of the GNU GPLv2 to reflect the new FSF address.

      •  02 Jun 2011 16:30

        Release Notes: Mail from the cron job with x509watch output is now in the style of logwatch.

        •  03 Aug 2010 21:07

          Release Notes: Avoid any dying when files are possibly encountered a second time. Inaccessible files or dangling symlinks will now cause only warnings. An option to include specified files (not only directories) has been added. An option to ignore (including globbing) specified files has been added. /etc/ssl has been added to default PKI paths (openSUSE, Debian, and Ubuntu). More distribution Root Certifiate Authority bundles are excluded. An option to suppress all access/dangling symlink warnings has been added.

          •  27 Jul 2010 21:44

            Release Notes: This release replaces the find(1) call (from fileutils) with Perl's File::Find. It executes /usr/bin/openssl rather than openssl in $PATH by default; an alternative path to the OpenSSL binary can be set via a parameter. It uses IPC::Open3 rather than open() to pipe certificates to OpenSSL. It replaces the remaining open() with sysopen() for better file handling.


            Project Spotlight


            A Fluent OpenStack client API for Java.


            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.