Securing Your Linux Server: How to Check TLS/SSL Certificate Expiration Dates

Securing Your Linux Server: How to Check TLS/SSL Certificate Expiration Dates. Neste artigo, we will learn how to check the expiration date of an SSL/TLS certificado do linha de comando using the OpenSSL cliente. O OpenSSL client provides detailed information about the validity dates, expiry dates, and issuing authority of the certificado.

To check the expiration date of an SSL/TLS certificado, open the Terminal application and run the following command:

openssl s_client -servername {SERVER_NAME} -connect {SERVER_NAME}:{PORT} | openssl x509 -noout -dates

Por exemplo, to find out the expiration date of the certificate para Enterinit.com, run the following command:

DOM="enterinit.com"
PORT="443"
openssl s_client -servername $DOM -connect $DOM:$PORT | openssl x509 -noout -dates

The output will include information about the certificate’s start and expiry dates.

You can add the echo command to avoid having to press CTRL+C, as shown below:

DOM="{SITE_URL}"
PORT="443"
echo | openssl s_client -servername $DOM -connect $DOM:$PORT | openssl x509 -noout -dates

O openssl command-line options used in the above commands are as follows:

• s_client: Implements a generic SSL/TLS client that connects to a remote host using SSL/TLS.
• -servername $DOM: Sets the TLS SNI (Server Name Indication) extension in the ClientHello message to the given value.
• -connect $DOM:$PORT: Specifies the host ($DOM) and optional port ($PORT) to connect to.
• x509: Runs certificado display and signing utility.
• -noout: Prevents output of the encoded version of the certificado.
• -dates: Prints out the start and expiry dates of a TLS or SSL certificate.

To find out the expiration date of a PEM encoded certificado arquivo, run the following command:

openssl x509 -enddate -noout -in {/path/to/my/my.pem}

Por exemplo, to find out the expiration date of the certificado para Enterinit.com, run the following command:

openssl x509 -enddate -noout -in /etc/nginx/ssl/enterinit.com

The output will include the certificate’s expiry date.

You can also check if the certificado will expire within a given timeframe. Por exemplo, to find out if the certificado will expire within the next seven days, run the following command:

openssl x509 -enddate -noout -in my.pem -checkend 604800

To check if the certificado will expire in the next four months, run the following command:

openssl x509 -enddate -noout -in my.pem -checkend 10520000

In summary, OpenSSL is a powerful diagnostic tool that provides useful information about the SSL/TLS certificates. It helps you to ensure that the certificates are valid and up-to-date, and to take timely action when necessary.