4 Ways to Check SSL Certificate Expiration date

Table of Contents

SSL/TLS certificates verify and validate the identity of the certificate holder or applicant before authenticating it. We will share 4 ways to check the SSL Certificate Expiration date.

Methods to check SSL Certificate Expiration date

  • using web browser. In most browsers, you can view the SSL certificate by clicking on the padlock icon in the address bar. This will open a new window that displays information about the certificate, including the issuer, expiration date, and more.
  • using openssl x509 command. The openssl x509 command is a multi-purpose certificate utility. It can be used to display certificate information, convert certificates to various forms.
  • using openssl s_client command. The openssl s_client command implements a generic SSL/TLS client which connects to a remote host using SSL/TLS. It is a very useful diagnostic tool for SSL servers. It checks whether the certificate is valid, trusted, and complete.
  • using online Certificate Decoder
  • using online tool


how to choose an SSL certificate

When choosing an SSL certificate, it is important to consider the type of encryption that is used. RSA is more widely used, but ECDSA is becoming increasingly popular due to its security features.

Another important factor to consider is the length of the certificate’s signature. The longer the signature, the more secure the connection will be. However, longer signatures can also lead to slower performance.

If you need a free SSL certificate for your website, Elementor Cloud Website is a great option. They offer fast speeds, good uptime, and excellent customer support. It is an end-to-end solution gives you everything you need in one place for your website. Web Hosting on Google Cloud + SSL certificate + WordPress + Website Builder + Templates.

We recommend using Elementor Cloud Website to build a website. It is very easy to start. You can get your website online in minutes. The price is $99 for one year. Plus, they offer a 30-day money-back guarantee, so you can try it out with no risk.

what will happen after SSL certificate expires?

If an SSL certificate expires, the website will not be able to establish a secure connection with browsers. This can cause visitors to see security warnings and potentially leave the website.

It is important to renew SSL certificates before they expire in order to avoid these problems.

check SSL certificate expiration date from a certificate file

Openssl command is a very powerful tool to check SSL certificate expiration date. Open the terminal and run the following command. You will get the expiration date from the command output.

openssl x509 -enddate -noout -in file.cer
Example: openssl x509 -enddate -noout -in hydssl.cer
notAfter=Dec 12 16:56:15 2029 GMT

To see a list of all of the options that the openssl x509 command supports, type “openssl x509 -h” into your terminal. This will display a list of all of the available options, along with a brief description of each one.

  • Display the contents of a certificate: openssl x509 -in cert.pem -noout -text
  • Display the certificate serial number: openssl x509 -in cert.pem -noout -serial
  • Display the certificate subject name: openssl x509 -in cert.pem -noout -subject
  • Display the certificate subject name in RFC2253 form: openssl x509 -in cert.pem -noout -subject -nameopt RFC2253
  • Display the certificate subject name in oneline form on a terminal supporting UTF8: openssl x509 -in cert.pem -noout -subject -nameopt oneline,-esc_msb
  • Display the certificate SHA1 fingerprint: openssl x509 -sha1 -in cert.pem -noout -fingerprint


check SSL certificate expiration date from a server URL

The openssl s_client command is used to establish a SSL/TLS connection with a remote server. It can be used to verify the server’s certificate expiration date, or to request a specific ciphersuite.

openssl s_client -servername -connect 2>/dev/null | openssl x509 -noout -dates

openssl s_client -servername -connect 2>/dev/null | openssl x509 -noout -dates
notBefore=Aug 16 01:37:02 2021 GMT
notAfter=Nov 8 01:37:01 2021 GMT

The openssl is a very useful diagnostic tool to check SSL certificate for TLS and SSL servers. Here are more openssl command-line options.

  • s_client : The s_client command implements a generic SSL/TLS client which connects to a remote host using SSL/TLS.
  • -servername $DOM : Set the TLS SNI (Server Name Indication) extension in the ClientHello message to the given value.
  • -connect $DOM:$PORT : This specifies the host ($DOM) and optional port ($PORT) to connect to.
  • x509 : Run certificate display and signing utility.
  • -noout : Prevents output of the encoded version of the certificate.
  • -dates : Prints out the start and expiry dates of a TLS or SSL certificate.


check SSL certificate expiration date from online Certificate Decoder

The SSL Certificate Decoder tool is another way to get the expiration date of SSL certificate.  It instantly decodes any SSL Certificate-no matter what format: PEM, DER, or PFX encoded SSL Certificates. It works quickly and accurately to strip all the information from our certificate and present it in an easy-to-understand way.

To use the certificate decoder tool, go to page and paste our certificate into the field and let the certificate decoder do the rest.


  • Common Name : HydrantID Server CA O1
  • Organization : IdenTrust
  • Organization Unit : HydrantID Trusted Certificate Service
  • Country : US
  • Valid From : Dec 12,2019
  • Valid To : Dec 12,2029
  • Issuer : IdenTrust
  • Serial Number : 85078034981552318268408137974808230776


check SSL certificate expiration date from online tool

There are many online tools to check the SSL certificate info. Go to page and input the domain name to check it.

All the info in the certificate will be displayed including the expiration date. This will also display the expiration date for all the certificates.


  • The certificate expires November 6, 2021 (70 days from today)
  • Subject Valid from 08/Aug/2021 to 06/Nov/2021
  • Subject R3 Valid from 04/Sep/2020 to 15/Sep/2025
  • Subject ISRG Root X1Valid from 20/Jan/2021 to 30/Sep/2024


how to renew an SSL certificate

First, you will need to generate a new CSR (Certificate Signing Request). You can do this using a tool like OpenSSL. Once you have generated the CSR, you will need to submit it to your CA (Certificate Authority).

Once the CA has issued your new certificate, you will need to install it on your web server. If you are not familiar with this, you may want to ask help from here Once the new certificate is installed, you should be all set! Your website will now be able to establish secure connections with browsers.




David Cao
David Cao

Hey there! I am David, a Cloud & DevOps Enthusiast and 18 years of experience as a Linux engineer. I work with AWS, Git & GitHub, Linux, Python, Ansible, and Bash. I am a technical blogger and a Software Engineer, enjoy sharing my learning and contributing to open-source.