Home » Article » How To Check SSL Certificate Expiration with OpenSSL
Quoted from Wikipedia: OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end. It is widely used by Internet servers, including the majority of HTTPS websites.
If you have an SSL file in your server, don’t know how to see it will expire? No need to use a third party website to check your SSL expiration
You can use OpenSSL for all kinds of purposes around SSL Certificates, such as how to create your own certificate, private key, csr, and see your SSL expiration.
Check SSL certificate expiration date from OpenSSL
1. Open command prompt, then go to OpenSSL bin directory. If you don’t have it, install it first [Download]
Set directory to /bin, for example: my openssl bin directory is in “C:\Program Files\OpenSSL-Win64\bin” Then enter the command “cd C:\Program Files\OpenSSL-Win64\bin”
2. Prepare your SSL certificate file in bin directory [certificate.crt], it is needed to see the expiry date using the Command
Enter the following command to see the expiry date of your certificate
openssl x509 -in certificate.crt -text -noout
Now we know when the ssl certificate will be expired
Check SSL certificate expiration date without OpenSSL
Actually there is another way to see the expiry of your ssl certificate, that is by opening the crt file itself … Here we go!
1. Go to your SSL certificate directory
2. Double-click on your SSL Certificate file, it will look like below
You will see in the valid from section, that is your SSL certificate expiration.
But in order to get more valid information, it’s better to use Open-SSL Command, it’s not that hard to do it, right?
Video Tutorial How to Check SSL Certificate Expiration with OpenSSL
Conclution
The above steps are very important to see the quality of your SSL certificate, because we need to know when to replace it with a new certificate.
I hope this gave you an idea of how to view certificate expiry date with Open-SSL.
See More Article
TLS/SSL certificates are used for encrypting websites or web applications. They provide much-needed privacy and confidentiality to users who are interacting with the webserver via a browser or on command-line. Different SSL certificates have different validity periods with the maximum being 397 days [ 1 year, 1 month, and 2 days] from 1, September 2020. Let's Encrypt provides validity of up to 90 days.
When CA [ Certificate Authority ] issues an SSL certificate, it adds to it an expiration date beyond which the certificate stops encrypting the site. If the certificate is not renewed, visitors to your site are met by an ominous warning that your connection is not private.
This tutorial shows how to check the expiration date of an SSL/TLS certificate using OpenSSL from a live website, self-signed certificate, .p12 file, and pem certificate file.
OpenSSL is a software library for applications commonly used to generate private keys, create CSRs, install SSL/TLS certificates, and identify certificate information. OpenSSL is installed by default in most Linux Distributions.
01. To check SSL certificate expiration date on a Live website, first define and export the variables as shown.
export SITE_URL="site name"
export SITE_SSL_PORT="443"
Then use the following openssl command to display the expiration date:
$ openssl s_client -connect ${SITE_URL}:${SITE_SSL_PORT} -servername ${SITE_URL} 2> /dev/null | openssl x509 -noout -dates
02. To check for the expiry date of a self-signed certificate, type:
$ cat /etc/ssl/certs/nginx.crt | openssl x509 -noout -enddate
Here, we are checking the SSL certificate applied on the Nginx web server.
The notAfter flag indicates the expiry date. For example, in the screenshot below, the expiry of the SSL certificate is May 25 2022 at 13:47:20 hours.
03. To check the expiration date from pem encoded certificate file
$ openssl pkcs12 -in mycert.p12 -nodes | openssl x509 -noout -enddate
04. To check expiration date from a PEM certificate file, type:
$ openssl x509 -enddate -noout -in /path/file.pem
Conclusion
In this tutorial, we learned how to check the expiry date of an SSL certificate in a simple and convenient way using OpenSSL. In most cases, the SSL certificate vendor will notify the impending expiry of the certificate via email, upon which will be required to renew the certificate.