4 Ways to Check SSL Certificate Expiration date

Table of Contents

SSL/TLS certificates verify and validate the identity of the certificate holder or applicant before authenticating it.

We will share 4 ways to check the SSL Certificate Expiration date.

check SSL certificate expiration date from a certificate file

Openssl command is a very powerful command to check certificate info in Linux.

We can use the flowing command to check the expiration date.

openssl x509 -enddate -noout -in file.cer


openssl x509 -enddate -noout -in hydssl.cer
notAfter=Dec 12 16:56:15 2029 GMT

Check SSL Certificate with OpenSSL

check SSL certificate expiration date from a server URL

openssl s_client -servername -connect 2>/dev/null | openssl x509 -noout -dates


openssl s_client -servername google.com -connect google.com:443 2>/dev/null | openssl x509 -noout -dates
notBefore=Aug 16 01:37:02 2021 GMT
notAfter=Nov 8 01:37:01 2021 GMT

Understanding openssl command options

The openssl is a very useful diagnostic tool for TLS and SSL servers. The openssl command-line options are as follows:

  • s_client : The s_client command implements a generic SSL/TLS client which connects to a remote host using SSL/TLS.
  • -servername $DOM : Set the TLS SNI (Server Name Indication) extension in the ClientHello message to the given value.
  • -connect $DOM:$PORT : This specifies the host ($DOM) and optional port ($PORT) to connect to.
  • x509 : Run certificate display and signing utility.
  • -noout : Prevents output of the encoded version of the certificate.
  • -dates : Prints out the start and expiry dates of a TLS or SSL certificate.

Check SSL Connection with OpenSSL S_client Command

check SSL certificate expiration date from online Certificate Decoder

The SSL Certificate Decoder tool instantly decodes any SSL Certificate-no matter what format: PEM, DER, or PFX encoded SSL Certificates.

It works quickly and accurately to strip all the information from our certificate and present it in an easy-to-understand way.

To use the certificate decoder tool, paste our certificate into the field below and let the certificate decoder do the rest.



  • Common Name : HydrantID Server CA O1
  • Organization : IdenTrust
  • Organization Unit : HydrantID Trusted Certificate Service
  • Country : US
  • Valid From : Dec 12,2019
  • Valid To : Dec 12,2029
  • Issuer : IdenTrust
  • Serial Number : 85078034981552318268408137974808230776

check SSL certificate expiration date from online tool

There are many online tools to check the SSL certificate info. https://www.digicert.com/help/ is one of them.

We can input the domain name to check it. All the info in the certificate will be displayed including the expiration date. This will also display the expiration date for all the intermediate certificates.


  • The certificate expires November 6, 2021 (70 days from today)
  • Subject howtouselinux.com Valid from 08/Aug/2021 to 06/Nov/2021
  • Subject R3 Valid from 04/Sep/2020 to 15/Sep/2025
  • Subject ISRG Root X1Valid from 20/Jan/2021 to 30/Sep/2024


Table of Contents

Share on facebook
Share on twitter
Share on linkedin

You might also like