NOTES INDEX This page is part of the collection of "notes" - these can be considered to be micro-blogs.
Check SSL Certificate Expire From Command Line

Check SSL Certificate Expire From Command Line

If you want to check SSL Certificate expires from the Linux command line, you can do that like this:

echo | openssl s_client -showcerts -servername www.kaper.com -connect www.kaper.com:443 | openssl x509 -noout -datesCode language: Bash (bash)

(Of course replace the www.kaper.com by the host you want to check).

Here’s a full example run:

$ echo | openssl s_client -showcerts -servername www.kaper.com -connect www.kaper.com:443 | openssl x509 -noout -dates
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = www.kaper.com
verify return:1
DONE
notBefore=Nov 30 23:17:48 2021 GMT
notAfter=Feb 28 23:17:47 2022 GMT
Code language: Bash (bash)

If you want to see some more details (for example to get a copy of the public certificates), use:

echo | openssl s_client -showcerts -servername kaper.com -connect kaper.com:443Code language: Bash (bash)

Don’t have openssl client? And you do not want to install it locally? You can also run it in docker:

# start an ubuntu image
docker run -ti --rm ubuntu

# inside the image, run:

apt-get update
apt-get install -y openssl
echo | openssl s_client -showcerts -servername kaper.com -connect kaper.com:443
exitCode language: Bash (bash)

Note: you can use the openssl check also for other transports than https. Just use 636 for ldaps for example.

December 19, 2021

Leave a Reply

Your email address will not be published. Required fields are marked *