+def verify_certificate(cert, args):
+ expiretimestamp = cert_time_to_seconds(cert['notAfter'])
+ starttimestamp = cert_time_to_seconds(cert['notBefore'])
+
+ if datetime.utcfromtimestamp(starttimestamp) > datetime.utcnow():
+ logging.error("Certificate will only be valid starting %s", cert['notBefore'])
+ return 2
+
+ if datetime.utcfromtimestamp(expiretimestamp) < datetime.utcnow():
+ logging.error("Certificate will only be valid until %s", cert['notAfter'])
+ return 2
+
+ delta = datetime.utcfromtimestamp(expiretimestamp) - datetime.utcnow()
+ deltastr = str(delta).split(",")
+
+ if delta.days < args.critdays:
+ logging.error("expires in %8s,%16s", deltastr[0], deltastr[1])
+ return 2
+ elif delta.days < args.warndays:
+ logging.warn("expires in %8s,%16s", deltastr[0], deltastr[1])
+ return 1
+
+ return 0