The latest version of the crypto-utils package in Raw Hide includes certwatch(1), which can be used to check whether an X.509 certificate has expired or is about to expire, and issue warning messages as necessary. It's implemented in /etc/cron.daily/certwatch to, by default, check all certificates configured in the mod_ssl configuration, but this can be extended to any other services which use SSL certificates. Regards, joe
