My new SSL check is virtually done, just need to DS-ize it. The code works for any site, including SNI. This means no AD since you can't discover what URLs a host will respond to, but it will work on multiple URL instances in the DS when I am done.
[mnagel@colby ~]$ groovy getCertv2.groovy https://www.google.com
Response Code : 200
Cipher Suite : TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Subject: CN=www.google.com, O=Google Inc, L=Mountain View, ST=California, C=US
Issuer: CN=Google Internet Authority G2, O=Google Inc, C=US
Used Days: 10
Remaining Days: 74
Lifetime Consumed: 12.0%
Alerts will still generally be tied to remaining days, but graphs will be able to show "percent lifetime consumed" and alerts could be tied to that instead if preferred.