5 Ways to Check SSL Certificate Expiration Date

An SSL certificate helps to secure the communication between a client (such as a web browser) and a server (such as a website).

If the certificate has expired, it can no longer be trusted to secure this communication, and an attacker may be able to intercept and view sensitive information being transmitted between the client and server.

We will share 5 ways to check the SSL Certificate Expiration date.

 

Methods to check SSL Certificate Expiration date

  • Using a web browser. In most browsers, you can view the SSL certificate by clicking on the padlock icon in the address bar. This will open a new window that displays information about the certificate, including the issuer, expiration date, and more.
  • Using the openssl x509 command. The openssl x509 command is a multi-purpose certificate utility. It can display certificate information and convert certificates between formats.
  • Using the openssl s_client command. The openssl s_client command implements a generic SSL/TLS client which connects to a remote host using SSL/TLS. It is a very useful diagnostic tool for SSL servers. It checks whether the certificate is valid, trusted, and complete.
  • Using an online certificate decoder
  • Using an online tool

 

What happens after an SSL certificate expires?

If an SSL certificate expires, the website will not be able to establish a secure connection with browsers. This can cause visitors to see security warnings and potentially leave the website.

It is important to renew SSL certificates before they expire in order to avoid these problems.

1. Using a Web Browser

Overview

The quickest and most user-friendly way to check an SSL certificate’s expiration date is directly through your web browser. Most modern browsers display certificate information prominently.

Steps to Check SSL Certificate in Your Browser

For Chrome, Edge, or Brave:

  1. Navigate to the website whose certificate you want to check
  2. Click on the padlock icon in the address bar (left side)
  3. A dropdown menu will appear showing the connection status
  4. Click on “Certificate is valid” or the certificate information option
  5. A new window will open displaying detailed certificate information
  6. Look for the “Valid until” field, which shows the expiration date

For Firefox:

  1. Visit the website in question
  2. Click the padlock icon in the address bar
  3. Click on “Connection secure”
  4. Select “More Information” or the arrow icon
  5. In the window that opens, click the “View Certificate” button
  6. Navigate to the “Details” tab to find the expiration date

For Safari:

  1. Visit the website
  2. Click on “Show Details” in the browser interface (if available)
  3. Look for certificate information in the page details

Advantages

  • ✅ No technical knowledge required
  • ✅ Instant visual confirmation
  • ✅ Works on any device with a web browser
  • ✅ No additional software installation needed

Disadvantages

  • ❌ Only shows information for the currently visited website
  • ❌ Limited to websites you can access
  • ❌ Cannot automate the process for monitoring multiple certificates

2. Using OpenSSL x509 Command

Overview

The openssl x509 command is a powerful and versatile utility for managing X.509 certificates. It can extract, display, and manipulate certificate information from various sources.

Basic Syntax

openssl x509 -in certificate.crt -text -noout

Method 1: From a Certificate File

If you have the certificate file saved locally:

openssl x509 -in /path/to/certificate.crt -noout -dates

Output Example:

notBefore=Jan 15 10:30:00 2023 GMT
notAfter=Jan 15 10:30:00 2024 GMT

Method 2: Get Full Certificate Information

For comprehensive details including the expiration date:

openssl x509 -in /path/to/certificate.crt -text -noout

This command displays:

  • Subject and Issuer information
  • Serial number
  • Validity period (notBefore and notAfter)
  • Public key information
  • Extensions
  • Signature information

Method 3: Expiration Date Only

To print only the expiration date (notAfter), without notBefore:

openssl x509 -in /path/to/certificate.crt -noout -enddate

Output Example:

notAfter=Dec 31 23:59:59 2024 GMT

Advantages

  • ✅ Detailed certificate information
  • ✅ Works on Windows, Mac, and Linux
  • ✅ Scriptable for automation and monitoring
  • ✅ No internet connection required (for local files)
  • ✅ Can process certificate files in various formats

Disadvantages

  • ❌ Requires OpenSSL installation
  • ❌ Requires access to the certificate file
  • ❌ Command-line interface may intimidate beginners
  • ❌ Cannot directly connect to remote servers

3. Using OpenSSL s_client Command

Overview

The openssl s_client command is a diagnostic tool that implements a generic SSL/TLS client. It connects to a remote server and retrieves its SSL certificate in real-time, making it ideal for checking live server certificates.

Basic Syntax

openssl s_client -connect hostname:port

How to Check SSL Certificate Expiration

Method 1: Basic Connection

Connect to a website and view its certificate (the session stays open until you press Ctrl+C or send end-of-file):

openssl s_client -connect example.com:443

Method 2: Show the Certificate Chain

openssl s_client -connect example.com:443 -showcerts

Method 3: Check Expiration Date Directly

For a concise expiration date output:

echo | openssl s_client -connect example.com:443 2>/dev/null | openssl x509 -noout -enddate

Output Example:

notAfter=Dec 15 23:59:59 2025 GMT

Method 4: Full Certificate Details

To get comprehensive information:

echo | openssl s_client -connect example.com:443 2>/dev/null | openssl x509 -text -noout

Method 5: Non-Standard Port

For websites using non-standard ports:

openssl s_client -connect example.com:8443

Advanced Options

  • -servername: Specify the SNI hostname for the TLS connection
  • -showcerts: Display the entire certificate chain
  • -dates: Show both notBefore and notAfter dates (an openssl x509 option, used on the x509 side of the pipe)
  • -quiet: Suppress verbose output

Advantages

  • ✅ Connects to live servers remotely
  • ✅ No need for certificate files
  • ✅ Shows complete certificate chain
  • ✅ Verifies certificate validity and chain completeness
  • ✅ Highly scriptable for automated monitoring
  • ✅ Works with standard and non-standard ports

Disadvantages

  • ❌ Requires OpenSSL installation
  • ❌ Command-line interface
  • ❌ Verbose output requires parsing
  • ❌ May be blocked by firewalls or WAF policies
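
The scripted monitoring mentioned for both the x509 and s_client methods, as an added example that is not part of the original article: it turns a notAfter line into a status with days remaining, and fetches that line from a live host with SNI and a timeout. The function names, the 45-day threshold and the fixed "now" are assumptions made for the example, and it assumes GNU date and coreutils timeout.

```shell
#!/bin/sh
# Added example: classify the output of "openssl x509 -noout -enddate".
# Assumes GNU date (-d) and, for fetch_enddate only, coreutils timeout.

# cert_status "notAfter=<date>" WARN_DAYS [NOW_EPOCH]
# Prints OK <days>, WARN <days>, EXPIRED or UNKNOWN; returns 0, 1, 2 or 3.
# POSIX sh has no local variables, so names carry a cs_ prefix.
cert_status() {
  cs_end=${1#notAfter=}
  cs_warn=$2
  cs_now=${3:-$(date +%s)}
  # An empty line (failed fetch) must not be read as a valid date.
  [ -n "$cs_end" ] || { echo UNKNOWN; return 3; }
  # An unparsable date must not be reported as healthy either.
  cs_epoch=$(date -u -d "$cs_end" +%s 2>/dev/null) || { echo UNKNOWN; return 3; }
  if [ "$cs_epoch" -le "$cs_now" ]; then echo EXPIRED; return 2; fi
  cs_left=$(( (cs_epoch - cs_now) / 86400 ))   # whole days remaining
  if [ "$cs_left" -lt "$cs_warn" ]; then echo "WARN $cs_left"; return 1; fi
  echo "OK $cs_left"
}

# fetch_enddate HOST [PORT]: live lookup, needs network access.
# -servername sends SNI so a shared host returns the right certificate;
# timeout keeps an unreachable host from hanging a cron job.
fetch_enddate() {
  timeout 5 openssl s_client -connect "$1:${2:-443}" -servername "$1" \
    </dev/null 2>/dev/null | openssl x509 -noout -enddate 2>/dev/null
}

# Offline demo on constructed input: the sample notAfter lines from this page
# plus one invalid line, evaluated against a fixed "now" of
# 2024-12-01 00:00:00 UTC (epoch 1733011200).
demo() {
  for line in "notAfter=Jan 15 10:30:00 2024 GMT" \
              "notAfter=Dec 31 23:59:59 2024 GMT" \
              "notAfter=Dec 15 23:59:59 2025 GMT" \
              "notAfter=garbage"; do
    printf '%-36s %s\n' "$line" "$(cert_status "$line" 45 1733011200)"
  done
}
demo
```

For a live check, run cert_status "$(fetch_enddate example.com)" 30. Where only pass/fail is needed, openssl x509 -noout -checkend 2592000 exits non-zero when the certificate expires within that many seconds (30 days here).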

4. Using Online Certificate Decoder

Overview

Online certificate decoder tools provide a web-based interface to decode and analyze certificates. These tools allow you to upload certificate files and view all details in a formatted, user-friendly manner.

How to Use

Step 1: Access the Tool

Visit a certificate decoder website such as:

Step 2: Upload or Paste Certificate

  • Copy your certificate content (including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----)
  • Paste it into the decoder text area, or
  • Upload the certificate file if the tool supports file uploads

Step 3: View Results

The tool will display:

  • Certificate issuer and subject
  • Expiration date (clearly highlighted)
  • Serial number
  • Public key information
  • Certificate extensions
  • Validity period

Advantages

  • ✅ User-friendly interface
  • ✅ No software installation required
  • ✅ Clear, formatted display
  • ✅ Works on any device with internet access
  • ✅ Perfect for non-technical users
  • ✅ Often includes additional security information

Disadvantages

  • ❌ Requires internet connection
  • ❌ Security concerns when uploading certificates to external sites
  • ❌ Not suitable for sensitive or private certificates
  • ❌ Cannot check live server certificates directly
  • ❌ Limited to certificate file analysis

5. Using Generic Online Tools

Overview

Several other online platforms offer SSL certificate checking capabilities. These tools often combine multiple features and provide real-time monitoring capabilities.

Popular Online Tools

SSL Labs (Qualys SSL Labs)

  • URL: https://www.ssllabs.com/ssltest/
  • Features:
    • Comprehensive SSL/TLS analysis
    • Certificate expiration date display
    • Security assessment and vulnerabilities
    • Chain completion verification
    • Supports live server testing

How to Use Generic Online Tools

  1. Visit the website
  2. Enter your domain name (e.g., example.com)
  3. Click “Check” or “Analyze”
  4. Review the results showing:
    • Issuer information
    • Issue and expiration dates
    • Days remaining until expiration
    • Certificate validity status

Advantages

  • ✅ No installation required
  • ✅ User-friendly interface
  • ✅ Instant results
  • ✅ Tests live servers
  • ✅ Often includes security analysis
  • ✅ Suitable for all technical levels
  • ✅ Can monitor multiple certificates

Disadvantages

  • ❌ Requires internet connection
  • ❌ May have rate limiting or usage restrictions
  • ❌ Limited or no automation capabilities
  • ❌ Results depend on external service availability
  • ❌ Some tools may be slow for large-scale checks

How to renew an SSL certificate

First, you will need to generate a new CSR (Certificate Signing Request). You can do this using a tool like OpenSSL. Once you have generated the CSR, you will need to submit it to your CA (Certificate Authority).

Once the CA has issued your new certificate, you will need to install it on your web server. If you are not familiar with this, you may want to ask for help from thesslstore.com. Once the new certificate is installed, you should be all set! Your website will now be able to establish secure connections with browsers.

 


 

David Cao

David is a Cloud & DevOps enthusiast. He has years of experience as a Linux engineer and has work experience at AMD and EMC. He likes Linux, Python, bash, and more. He is a technical blogger and a software engineer. He enjoys sharing what he learns and contributing to open source.

6 Comments

  1. In my journey as a System Administrator, managing SSL certificates has always been a critical task.

    This article’s detailed guide on how to check SSL certificate expiration using OpenSSL commands on a Linux system has been a tremendous help.

  2. This was a great read on checking SSL certificate expiration in Linux. I am going to write a shell script and add it to cron jobs for monitoring purposes.

  3. Super helpful breakdown! Just tested the openssl method and it worked like a charm. I’d add that for scripts or automation, using openssl s_client with a timeout (like timeout 5) is a lifesaver to avoid hanging.
