HowTo : Check SSL Certificate Expiration Date from the Linux Shell

openssl x509 -noout -in <certificate> -dates

An SSL certificate contains such information as : issuer, validity dates, subject, and other stuff.

It is a quite common task to check if an SSL certificate is valid and when it expires.

You can easily use the Linux command line and the OpenSSL utility to retrieve all this information from the website’s SSL certificate.

Use the Linux command line to connect to a remote https website, decode SSL certificate and get its validity date.

 

Checking the Validity Date of an SSL Certificate

Check when an SSL certificate expires from the Linux command line :
echo | openssl s_client -connect site:port 2>/dev/null | openssl x509 -noout -dates
Let’s check when the SSL certificate of google.com expires :

$ echo | openssl s_client -connect google.com:4432>/dev/null| openssl x509 -noout -dates
notBefore=Jun1912:44:042013 GMT
notAfter=Oct3123:59:592013 GMT

Extract Additional Information from an SSL Certificate

Each SSL certificate contains the information about : issuer (Who issued the certificate?), validity dates (For what dates is the certificate valid?), subject (To whom was the certificate issued?), get the hash value, get the MD5 fingerprint and other stuff.

Who issued the certificate?

$ echo | openssl s_client -connect google.com:4432>/dev/null| openssl x509 -noout -issuer
issuer=/C=US/O=GoogleInc/CN=GoogleInternetAuthority G2

To whom was the certificate issued?

$ echo | openssl s_client -connect google.com:4432>/dev/null| openssl x509 -noout -subject
subject=/C=US/ST=California/L=MountainView/O=GoogleInc/CN=*.google.com

For what dates is the certificate valid?

$ echo | openssl s_client -connect google.com:4432>/dev/null| openssl x509 -noout -dates
notBefore=Dec1112:49:142013 GMT
notAfter=Apr1000:00:002014 GMT

The above, all at once :

$ echo | openssl s_client -connect google.com:4432>/dev/null| openssl x509 -noout -issuer -subject -dates
issuer=/C=US/O=GoogleInc/CN=GoogleInternetAuthority G2
subject=/C=US/ST=California/L=MountainView/O=GoogleInc/CN=*.google.com
notBefore=Dec1112:49:142013 GMT
notAfter=Apr1000:00:002014 GMT

What is its hash value?

$ echo | openssl s_client -connect google.com:4432>/dev/null| openssl x509 -noout -hash
a18bd28a

What is its MD5 fingerprint?

$ echo | openssl s_client -connect google.com:4432>/dev/null| openssl x509 -noout -fingerprint
SHA1 Fingerprint=AD:3C:56:FB:E8:C0:62:B0:FF:89:21:52:98:B1:A1:D4:94:A4:1C:84

Extract all information from an SSL certificate :

$ echo | openssl s_client -connect google.com:4432>/dev/null| openssl x509 -noout -text

 

发表评论