Wouldn't it be nice to get ahead of expiring SSL certs if only it was easy to know where the expiring ones are.
Nexpose already collects this information and this SQL Query will show all certs expiring in 90 days so you can have all certs updated.
You can adjust the expiration time to what makes the most sense for your operations - 60 days, 180 days. etc.
cert_expiration_dates AS (
SELECT DISTINCT asset_id, service_id, name,value
WHERE lower(name) LIKE '%ssl.cert.not.valid.after'
SELECT ip_address, host_name, mac_address, ced.value
JOIN cert_expiration_dates AS ced USING (asset_id)
WHERE (cast(ced.value AS DATE) - CURRENT_TIMESTAMP <= INTERVAL '90 days') AND (cast(ced.value AS DATE) - CURRENT_TIMESTAMP > INTERVAL '0 days')
Sun, 12 Apr 2015 20:10:29 PDT