Zabezpieczanie serwera Linux: Jak sprawdzić daty wygaśnięcia certyfikatu TLS/SSL. W tym artykule, we will learn how to check the expiration date of an SSL/TLS certificate from the command line using the OpenSSL client. The OpenSSL client provides detailed information about the validity dates, expiry dates, and issuing authority of the certificate.
To check the expiration date of an SSL/TLS certificate, open the Terminal application and run the following command:
openssl s_client -servername {SERVER_NAME} -connect {SERVER_NAME}:{PORT} | openssl x509 -noout -dates
Na przykład, to find out the expiration date of the certificate Do enterinit.com, uruchom następujące polecenie:
DOM="enterinit.com"
PORT="443"
openssl s_client -servername $DOM -connect $DOM:$PORT | openssl x509 -noout -dates
The output will include information about the certificate’s start and expiry dates.
You can add the echo
command to avoid having to press CTRL+C
, as shown below:
DOM="{SITE_URL}"
PORT="443"
echo | openssl s_client -servername $DOM -connect $DOM:$PORT | openssl x509 -noout -dates
The openssl
command-line options used in the above commands are as follows:
s_client
: Implements a generic SSL/TLS client that connects to a remote host using SSL/TLS.-servername $DOM
: Sets the TLS SNI (Server Name Indication) extension in the ClientHello message to the given value.-connect $DOM:$PORT
: Specifies the host ($DOM) and optional port ($PORT) to connect to.x509
: Runs certificate display and signing utility.-noout
: Prevents output of the encoded version of the certificate.-dates: Prints out the start and expiry dates of a TLS or SSL certificate.
To find out the expiration date of a PEM encoded certificate file, uruchom następujące polecenie:
openssl x509 -enddate -noout -in {/path/to/my/my.pem}
Na przykład, to find out the expiration date of the certificate for enterinit.com, uruchom następujące polecenie:
openssl x509 -enddate -noout -in /etc/nginx/ssl/enterinit.com
The output will include the certificate’s expiry date.
You can also check if the certificate will expire within a given timeframe. Na przykład, to find out if the certificate will expire within the next seven days, uruchom następujące polecenie:
openssl x509 -enddate -noout -in my.pem -checkend 604800
To check if the certificate will expire in the next four months, uruchom następujące polecenie:
openssl x509 -enddate -noout -in my.pem -checkend 10520000
W podsumowaniu, OpenSSL is a powerful diagnostic tool that provides useful information about the SSL/TLS certificates. It helps you to ensure that the certificates are valid and up-to-date, and to take timely action when necessary.