Open in app

Sign in

Write

Sign in

Project: SSL Certificate Expiration Audit [Akamai]

Roy Martinez Blanco
4 min readDec 4, 2020

What is this?

A tool to help audit Akamai Property Manager Configurations (Local and Remote) and DNS Record List for SSL Certificate Expiration dates.

The goal behind this project is to provide an easy way to audit SSL certificate expiration date, this is to help us keep an eye over any soon to expire certificate and avoid possible outages due to lack of visibility.

The latest version can be found on my GitHub page here

Who is this for?

This project will help mostly Akamai customers but the Audit list functionality will also be of use to any person/company that wants to see when their SSL Certificates might expire. …(Anyone)

Features

  • Audit Akamai Property Configuration:
  • Offline JSON Document
  • Current Production version (download latest)
  • Audit List of domains
  • The list can be provided on a document (comma separated)
  • The list can be provided as argument (see “How to use”)
  • Account-wide Audit
  • Switch Key Integration (for multi-account management)

Prerequisites/Requirements

I’ve provided the requirements document to help install all dependencies.

pip install -r requirements.txtasn1crypto==0.24.0
certifi==2019.9.11
cffi==1.12.3
chardet==3.0.4
cryptography==2.7
decorator==4.4.0
edgegrid-python==1.1.1
idna==2.8
ndg-httpsclient==0.5.1
pyasn1==0.4.7
pycparser==2.19
pyOpenSSL==19.0.0
python-dateutil==2.8.0
requests==2.22.0
six==1.12.0
urllib3==1.25.6
validators==0.14.0

Limitations

Currently, for version 0.1 this script will not look at variables within the origin behaviors (Property Manager) since this adds a lot of complexity. This is because as an example: a variable (origin) can be made from other variables that are only available in execution time.

How do I use it?

Audit –audit

Defines what and how this script will behave.

  • account: This type of audit will query Akamai using its OPEN APIs and will get the list of groups and contracts and for each one, it will audit all Property Manager configurations.
  • config: Similar to “account” it will fetch the Property Manager configurations but only for the names provided on the “–config-name” argument. Example: --audit config --config-name roymartinez.dev
  • file: Works with –file-type. This script currently supports two types of files list and Akamai PM Json (examples provided on the example folder). Example: --audit file --file /user/path/roymartinez.dev.json
  • list: Works with –domains, it will expect a list of DNS records and get the certificate expiration date.

Domains –domains

Space delimited DNS records to be audited.

--domains roymartinez.dev www.akamai.con

File –file

Provides a path to file to be audited.

--file /user/path/roymartinez.dev.json

File Type –file-type

Defines file type that will be used to parse the file, meaning if the value is --file-type list it will expect a comma-separated list within the file and it will loop through them and if it’s --file-type akamai (this is the default value) it will expect a json formatted rule tree from Property Manager.

Configuration Name –config-name

This argument is expected when the audit type is config because it provides the name of the Akamai Property Manager Configuration to be queried on PAPI.

Verbose –verbose

This enables debug information to be printed on what the script is doing at for visibility.

Section –section

Akamai EdgeRC files can have multiple credentials defined by “Sections [default], [papi], etc” the script by default will use the default section but this behavior can be change with this argument.,

Account Key –account-key

For multi-account users if you have switch key credentials you can specify the account ID with this.

Examples (use cases)

Audit list of domains

python3 ssl-audit.py --audit list --domains roymartinez.dev

Audit list of domains on file

python3 ssl-audit.py --audit file --file examples/list.txt --file-type list

Audit config with section and account ID

python3 ssl-audit.py --audit config --config-name roymartinez.dev --section allswitch --account-key 1-xyz

Example Output:

{
  "items": [
      {
      "propertyName": "roymartinez.dev",
      "certicates": [
          {
          "Domain": "roymartinez2.dev",
          "Serial": "xxxxxxxxxx",
          "ExpDate": "2020-06-20",
          "DaysLeft": 261
          },
          {
          "Domain": "roymartinez3.dev",
          "Serial": "xxxxxxxxxx",
          "ExpDate": "2020-06-21",
          "DaysLeft": 262
          }
      ]
      }
  ]
  }
Akamai
Python
Ssl Certificate
Audit

--

--

Roy Martinez Blanco

Written by Roy Martinez Blanco

21 Followers

I’m a photography enthusiast but in business hours I am Computer Science analyst. More about me here: https://roymartinez.dev/

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams