What is this?

A tool to help audit Akamai Property Manager Configurations (Local and Remote) and DNS Record List for SSL Certificate Expiration dates.

The goal behind this project is to provide an easy way to audit audit ssl certificate expiration date, this is to help us keep an eye over any soon to expire certificate and avoid possible outages due to lack of visibility.

The latest version can be found in my github page here

Who is this for?

This project will help mostly Akamai customers but the Audit list functionality will also be of use to any person/company that wants to see when their SSL Certificates might expire. …(Anyone)


  • Audit Akamai Property Configuration:
    • Offline JSON Document
    • Current Production version (download latest)
  • Audit List of domains
    • List can be provided on a document (comma separated)
    • List can be provided as argument (see “How to use”)
  • Account-wide Audit
  • Switch Key Integration (for multi-account management)


I’ve provided the requirements document to help install all dependencies.

pip install -r requirements.txt


Currently, for version 0.1 this script will not look at variables within the origin behaviors (Property Manager) since this adds a lot of complexity. This is because as an example: a variable (origin) can be made from other variables that are only available in execution time.

How do I use it?

Script Arguments Required Value Type Description
–audit * string Allowed values: {account,config,file,list}. This field defines the type of audit to used.
–domains with audit type list. list Space delimited list of DNS records.
–file with audit type “file”. string Path to the file to be parsed.
–file-type   string Allowed values: {akamai, list}. You can provide a file that is either a list of DNS records or an Akamai Property Manager JSON configuration. The default value for this argument is “Akamai”, meaning if parsing a PM configuration it is optional.
–config-name with audit type “config”. list List of Akamai Property names.
–section   string Name of EdgeRC credential section to be used for Akamai PAPI.
–account-key   string Akamai account ID to be audited (SwitchKey)
–verbose   None Print debug information.

Audit –audit

Defines what and how this script will behave.

  • account: This type of audit will query Akamai using its OPEN API’s and will get the list of groups and contracts and for each one it will audit all Property Manager configurations.
  • config: Similar to “account” it will fetch the Property Manager configurations but only for the names provided on the “–config-name” argument.

    Example: --audit config --config-name roymartinez.dev

  • file: Works with –file-type. This script currently supports two types of files list and Akamai PM Json (examples provided on the example folder).

    Example: --audit file --file /user/path/roymartinez.dev.json

  • list: Works with –domains, it will expect a list of DNS records and get certificate expiration date.

Domains –domains

Space delimited DNS records to be audited.

--domains roymartinez.dev www.akamai.con

File –file

Provides path to file to be audited.

--file /user/path/roymartinez.dev.json

File Type –file-type

Defines file type that will be used to parse the file, meaning if the value is --file-type list it will expect a comma separated list within the file and it will loop though them and if it’s --file-type akamai (this is the default value) it will expect a json formated rule tree from Property Manager.

Configuration Name –config-name

This argument is expected when the audit type is config because it provides the name of the Akamai Property Manager Configuration to be queries on PAPI.

Verbose –verbose

This enables debug information to be printed on what the script is doing at for visibility.

Section –section

Akamai EdgeRC files can have multiple credentials defined by “Sections [default], [papi], etc” the script by default will use the default section but this behavior can be change with this argument.,

Account Key –account-key

For multi-account users if you have switch key credentials you can specify the account ID with this.

Examples (use cases)

  • Audit list of domains

      python3 ssl-audit.py --audit list --domains roymartinez.dev

  • Audit list of domains on file

      python3 ssl-audit.py --audit file --file examples/list.txt --file-type list

  • Audit config with section and account ID

      python3 ssl-audit.py --audit config --config-name roymartinez.dev --section allswitch --account-key 1-xyz

    Example Output:

      "items": [
          "propertyName": "roymartinez.dev",
          "certicates": [
              "Domain": "roymartinez2.dev",
              "Serial": "xxxxxxxxxx",
              "ExpDate": "2020-06-20",
              "DaysLeft": 261
              "Domain": "roymartinez3.dev",
              "Serial": "xxxxxxxxxx",
              "ExpDate": "2020-06-21",
              "DaysLeft": 262