Rendere sicuro il tuo server Linux: Come controllare le date di scadenza del certificato TLS/SSL. In questo articolo, we will learn how to check the expiration date of an SSL/TLS certificate from the command line using the OpenSSL client. The OpenSSL client provides detailed information about the validity dates, expiry dates, and issuing authority of the certificate.
To check the expiration date of an SSL/TLS certificate, open the Terminal application and run the following command:
openssl s_client -servername {SERVER_NAME} -connect {SERVER_NAME}:{PORT} | openssl x509 -noout -dates
Per esempio, to find out the expiration date of the certificate per enterinit.com, eseguire il seguente comando:
DOM="enterinit.com"
PORT="443"
openssl s_client -servername $DOM -connect $DOM:$PORT | openssl x509 -noout -dates
The output will include information about the certificate’s start and expiry dates.
You can add the echo
command to avoid having to press CTRL+C
, as shown below:
DOM="{SITE_URL}"
PORT="443"
echo | openssl s_client -servername $DOM -connect $DOM:$PORT | openssl x509 -noout -dates
IL openssl
command-line options used in the above commands are as follows:
s_client
: Implements a generic SSL/TLS client that connects to a remote host using SSL/TLS.-servername $DOM
: Sets the TLS SNI (Server Name Indication) extension in the ClientHello message to the given value.-connect $DOM:$PORT
: Specifies the host ($DOM) and optional port ($PORT) to connect to.x509
: Runs certificate display and signing utility.-noout
: Prevents output of the encoded version of the certificate.-dates: Prints out the start and expiry dates of a TLS or SSL certificate.
To find out the expiration date of a PEM encoded certificate file, eseguire il seguente comando:
openssl x509 -enddate -noout -in {/path/to/my/my.pem}
Per esempio, to find out the expiration date of the certificate for enterinit.com, eseguire il seguente comando:
openssl x509 -enddate -noout -in /etc/nginx/ssl/enterinit.com
The output will include the certificate’s expiry date.
You can also check if the certificate will expire within a given timeframe. Per esempio, to find out if the certificate will expire within the next seven days, eseguire il seguente comando:
openssl x509 -enddate -noout -in my.pem -checkend 604800
To check if the certificate will expire in the next four months, eseguire il seguente comando:
openssl x509 -enddate -noout -in my.pem -checkend 10520000
In sintesi, OpenSSL is a powerful diagnostic tool that provides useful information about the SSL/TLS certificates. It helps you to ensure that the certificates are valid and up-to-date, and to take timely action when necessary.