- ARGV.sort.each do |expected|
- puts "Certificate #{domain} is missing subjectAltName #{expected}" unless alt_names.shift == "DNS:#{expected}"
- end
+if Time.now < certificate.not_before
+ puts "Certificate #{domains.first} on #{host} not valid until #{certificate.not_before}"
+elsif certificate.not_after - Time.now < 21 * 86400
+ puts "Certificate #{domains.first} on #{host} expires at #{certificate.not_after}"
+else
+ subject_alt_name = certificate.extensions.find { |e| e.oid == "subjectAltName" }
+
+ if subject_alt_name.nil?
+ puts "Certificate #{domains.first} on #{host} has no subjectAltName"
+ else
+ alt_names = subject_alt_name.value.split(/\s*,\s*/).map { |n| n.sub(/^DNS:/, "") }