In our environment, the OSX login keychain contains multiple certificates with the same name (the enduser account name). I want to loop through these certs and capture the expiration dates.

I created an array in bash using the security command (including the -a argument for finding all instances) for finding the cert and piping it to the openssl command for finding the expiration date. But the array only returns the expiration date of the first certificate, and none of the others.

array=( `/usr/bin/security find-certificate -a -c $user -p -Z       /Users/$user/Library/Keychains/login.keychain | /usr/bin/openssl x509 -noout -enddate | cut -f2 -d= | tr ' ' '-'` );

for i in ${array[@]}
echo "$user has an expiration date of $i."

0 Answers