Thursday, December 26, 2024
Google search engine
HomeSecurity & TestingHow To Check SSL Certificate Expiration with OpenSSL

How To Check SSL Certificate Expiration with OpenSSL

.tdi_3.td-a-rec{text-align:center}.tdi_3 .td-element-style{z-index:-1}.tdi_3.td-a-rec-img{text-align:left}.tdi_3.td-a-rec-img img{margin:0 auto 0 0}@media(max-width:767px){.tdi_3.td-a-rec-img{text-align:center}}

For Linux and Unix users, you may find a need to check the expiration of Local SSL Certificate files on your system. OpenSSL comes with an SSL/TLS client which can be used to establish a transparent connection to a server secured with an SSL certificate or by directly invoking certificate file.

OpenSSL Certificate

This guide will discuss how to use openssl command to check the expiration of .p12 and start .crt certificate files.

Below example demonstrates how the openssl command is used:

.tdi_2.td-a-rec{text-align:center}.tdi_2 .td-element-style{z-index:-1}.tdi_2.td-a-rec-img{text-align:left}.tdi_2.td-a-rec-img img{margin:0 auto 0 0}@media(max-width:767px){.tdi_2.td-a-rec-img{text-align:center}}

$ cat /etc/kubernetes/kubelet-ca.crt | openssl x509 -noout -enddate
notAfter=Aug  5 21:38:23 2029 GMT

The /etc/kubernetes/kubelet-ca.crt should be replaced with the correct path to your crt file.

For .p12 files, extract it first to a .pem file using the following command:

openssl pkcs12 -in mycert.p12 -out mycert.pem -nodes
cat mycert.crt | openssl x509 -noout -enddate

One command for this is:

openssl pkcs12 -in mycert.p12 -nodes | openssl x509 -noout -enddate

For certificates already used in Live websites, you can run:

export SITE_URL="geeksforgeeks.org"
export SITE_SSL_PORT="443"
openssl s_client -connect ${SITE_URL}:${SITE_SSL_PORT} \
  -servername ${SITE_URL} 2> /dev/null |  openssl x509 -noout  -dates

Sample output:

..................
notBefore=May 15 00:00:00 2023 GMT
notAfter=May 14 23:59:59 2024 GMT

The expiration date for certificate is =May 14 23:59:59 2020.

Recommended Linux Books  to read:

Other security related guides:

How To Configure Apache Web Page Authentication on Ubuntu / Debian

How To Install Libreswan on Ubuntu

Install Cisco AnyConnect on Ubuntu / Debian / Fedora

How To Install Metasploit Framework on Debian

.tdi_4.td-a-rec{text-align:center}.tdi_4 .td-element-style{z-index:-1}.tdi_4.td-a-rec-img{text-align:left}.tdi_4.td-a-rec-img img{margin:0 auto 0 0}@media(max-width:767px){.tdi_4.td-a-rec-img{text-align:center}}

RELATED ARTICLES

Most Popular

Recent Comments