Protegendo seu servidor Linux: Como verificar as datas de expiração do certificado TLS/SSL. Neste artigo, we will learn how to check the expiration date of an SSL/TLS certificate from the command line using the OpenSSL client. The OpenSSL client provides detailed information about the validity dates, expiry dates, and issuing authority of the certificate.
To check the expiration date of an SSL/TLS certificate, open the Terminal application and run the following command:
openssl s_client -servername {SERVER_NAME} -connect {SERVER_NAME}:{PORT} | openssl x509 -noout -dates
Por exemplo, to find out the expiration date of the certificate para enterinit.com, execute o seguinte comando:
DOM="enterinit.com"
PORT="443"
openssl s_client -servername $DOM -connect $DOM:$PORT | openssl x509 -noout -dates
The output will include information about the certificate’s start and expiry dates.
You can add the echo
command to avoid having to press CTRL+C
, as shown below:
DOM="{SITE_URL}"
PORT="443"
echo | openssl s_client -servername $DOM -connect $DOM:$PORT | openssl x509 -noout -dates
O openssl
command-line options used in the above commands are as follows:
s_client
: Implements a generic SSL/TLS client that connects to a remote host using SSL/TLS.-servername $DOM
: Sets the TLS SNI (Server Name Indication) extension in the ClientHello message to the given value.-connect $DOM:$PORT
: Specifies the host ($DOM) and optional port ($PORT) to connect to.x509
: Runs certificate display and signing utility.-noout
: Prevents output of the encoded version of the certificate.-dates: Prints out the start and expiry dates of a TLS or SSL certificate.
To find out the expiration date of a PEM encoded certificate file, execute o seguinte comando:
openssl x509 -enddate -noout -in {/path/to/my/my.pem}
Por exemplo, to find out the expiration date of the certificate for enterinit.com, execute o seguinte comando:
openssl x509 -enddate -noout -in /etc/nginx/ssl/enterinit.com
The output will include the certificate’s expiry date.
You can also check if the certificate will expire within a given timeframe. Por exemplo, to find out if the certificate will expire within the next seven days, execute o seguinte comando:
openssl x509 -enddate -noout -in my.pem -checkend 604800
To check if the certificate will expire in the next four months, execute o seguinte comando:
openssl x509 -enddate -noout -in my.pem -checkend 10520000
Resumindo, OpenSSL is a powerful diagnostic tool that provides useful information about the SSL/TLS certificates. It helps you to ensure that the certificates are valid and up-to-date, and to take timely action when necessary.