Securing Your Linux Server: How to Check TLS/SSL Certificate Expiration Dates. I den här artikeln, we will learn how to check the expiration date of an SSL/TLS certificate from the command line using the OpenSSL client. The OpenSSL client provides detailed information about the validity dates, expiry dates, and issuing authority of the certificate.
To check the expiration date of an SSL/TLS certificate, open the Terminal application and run the following command:
openssl s_client -servername {SERVER_NAME} -connect {SERVER_NAME}:{PORT} | openssl x509 -noout -dates
Till exempel, to find out the expiration date of the certificate för enterinit.com, kör följande kommando:
DOM="enterinit.com"
PORT="443"
openssl s_client -servername $DOM -connect $DOM:$PORT | openssl x509 -noout -dates
The output will include information about the certificate’s start and expiry dates.
You can add the echo
command to avoid having to press CTRL+C
, as shown below:
DOM="{SITE_URL}"
PORT="443"
echo | openssl s_client -servername $DOM -connect $DOM:$PORT | openssl x509 -noout -dates
De openssl
command-line options used in the above commands are as follows:
s_client
: Implements a generic SSL/TLS client that connects to a remote host using SSL/TLS.-servername $DOM
: Sets the TLS SNI (Server Name Indication) extension in the ClientHello message to the given value.-connect $DOM:$PORT
: Specifies the host ($DOM) and optional port ($PORT) to connect to.x509
: Runs certificate display and signing utility.-noout
: Prevents output of the encoded version of the certificate.-dates: Prints out the start and expiry dates of a TLS or SSL certificate.
To find out the expiration date of a PEM encoded certificate file, kör följande kommando:
openssl x509 -enddate -noout -in {/path/to/my/my.pem}
Till exempel, to find out the expiration date of the certificate for enterinit.com, kör följande kommando:
openssl x509 -enddate -noout -in /etc/nginx/ssl/enterinit.com
The output will include the certificate’s expiry date.
You can also check if the certificate will expire within a given timeframe. Till exempel, to find out if the certificate will expire within the next seven days, kör följande kommando:
openssl x509 -enddate -noout -in my.pem -checkend 604800
To check if the certificate will expire in the next four months, kör följande kommando:
openssl x509 -enddate -noout -in my.pem -checkend 10520000
In summary, OpenSSL is a powerful diagnostic tool that provides useful information about the SSL/TLS certificates. It helps you to ensure that the certificates are valid and up-to-date, and to take timely action when necessary.