NOTES INDEX This page is part of the collection of "notes" - these can be considered to be micro-blogs.
Check SSL Certificate Expire From Command Line

Check SSL Certificate Expire From Command Line

If you want to check SSL Certificate expires from the Linux command line, you can do that like this:

echo | openssl s_client -showcerts -servername -connect | openssl x509 -noout -dates
Code language: Bash (bash)

(Of course replace the by the host you want to check).

Here’s a full example run:

$ echo | openssl s_client -showcerts -servername -connect | openssl x509 -noout -dates depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = R3 verify return:1 depth=0 CN = verify return:1 DONE notBefore=Nov 30 23:17:48 2021 GMT notAfter=Feb 28 23:17:47 2022 GMT
Code language: Bash (bash)

If you want to see some more details (for example to get a copy of the public certificates), use:

echo | openssl s_client -showcerts -servername -connect
Code language: Bash (bash)

Don’t have openssl client? And you do not want to install it locally? You can also run it in docker:

# start an ubuntu image docker run -ti --rm ubuntu # inside the image, run: apt-get update apt-get install -y openssl echo | openssl s_client -showcerts -servername -connect exit
Code language: Bash (bash)

Note: you can use the openssl check also for other transports than https. Just use 636 for ldaps for example.

December 19, 2021

Leave a Reply

Your email address will not be published. Required fields are marked *