The common role deploys a helper script that can verify validity of certificates - check_certificate.sh. This certificate is in turn invoked via a crontab, and in case there is output, a mail will end-up being sent to the local root account (as per standard cron daemon configuration).

However, there is a couple of annoyances when the script is used:

• If certificates have been specified for validation, the script will produce warnings. This results in spurious mails being sent out for servers where no certificate checks should be performed.
• Expiration check will output just the expiration date, while it might be useful to actually produce information in a more human-readable format as well (e.g. certificate expires in 2 days).
• Even when all checks are passing, a mail will end-up being sent out, since the script reports certificates that pass the check as well. This might reduce readability and administrator has to pay attention to each mail sent.

The following should be done:

• Change message level to INFO when informing user that no certificates have been configured for checks.
• Show estimate of how soon the certificate expires in more human-readable format (e.g. "in 2 days") - in addition to absolute date. Granularity in days should be sufficient.
• Introduce "quiet" mode (option -q) that will only output warnings and errors (hiding any other messages). This should reduce number of mails being sent out, and make it clear what certificates need to be handled.