SSL/TLS certificates verify and validate the identity of the certificate holder or applicant before authenticating it.
We will share 4 ways to check the SSL Certificate Expiration date.
check SSL certificate expiration date from a certificate file
Openssl command is a very powerful command to check certificate info in Linux.We can use the flowing command to check the expiration date.
openssl x509 -enddate -noout -in file.cer
openssl x509 -enddate -noout -in hydssl.cer notAfter=Dec 12 16:56:15 2029 GMT
check SSL certificate expiration date from a server URL
openssl s_client -servername <NAME> -connect <HOST:PORT> 2>/dev/null | openssl x509 -noout -dates
openssl s_client -servername google.com -connect google.com:443 2>/dev/null | openssl x509 -noout -dates notBefore=Aug 16 01:37:02 2021 GMT notAfter=Nov 8 01:37:01 2021 GMT
Understanding openssl command options
The openssl is a very useful diagnostic tool for TLS and SSL servers. The openssl command-line options are as follows:
s_client : The s_client command implements a generic SSL/TLS client which connects to a remote host using SSL/TLS.
-servername $DOM : Set the TLS SNI (Server Name Indication) extension in the ClientHello message to the given value.
-connect $DOM:$PORT : This specifies the host ($DOM) and optional port ($PORT) to connect to.
x509 : Run certificate display and signing utility.
-noout : Prevents output of the encoded version of the certificate.
-dates : Prints out the start and expiry dates of a TLS or SSL certificate.
check SSL certificate expiration date from online Certificate Decoder
The SSL Certificate Decoder tool instantly decodes any SSL Certificate-no matter what format: PEM, DER, or PFX encoded SSL Certificates.
It works quickly and accurately to strip all the information from our certificate and present it in an easy-to-understand way.
To use the certificate decoder tool, paste our certificate into the field below and let the certificate decoder do the rest.
Common Name : HydrantID Server CA O1
Organization : IdenTrust
Organization Unit : HydrantID Trusted Certificate Service
Country : US
Valid From : Dec 12,2019
Valid To : Dec 12,2029
Issuer : IdenTrust
Serial Number : 85078034981552318268408137974808230776
check SSL certificate expiration date from online tool
There are many online tools to check the SSL certificate info. https://www.digicert.com/help/ is one of them.
We can input the domain name to check it. All the info in the certificate will be displayed including the expiration date. This will also display the expiration date for all the intermediate certificates.
The certificate expires November 6, 2021 (70 days from today)
Subject howtouselinux.com Valid from 08/Aug/2021 to 06/Nov/2021
Subject R3 Valid from 04/Sep/2020 to 15/Sep/2025
Subject ISRG Root X1Valid from 20/Jan/2021 to 30/Sep/2024