Check SSL/TLS Certificates
Check the expiration date of an SSL or TLS certificate
Open the Terminal application and then run the following command:
$ openssl s_client -servername {SERVER_NAME} -connect {SERVER_NAME}:{PORT} | openssl x509 -noout -dates
$ echo -n Q | openssl s_client -servername {SERVER_NAME} -connect {SERVER_NAME}:{PORT} | openssl x509 -noout -dates
Finding SSL certificate expiration date from a PEM-encoded certificate file
The syntax is as follows query the certificate file for when the TLS/SSL certification will expire
$ openssl x509 -enddate -noout -in {/path/to/my/my.pem}
$ openssl x509 -enddate -noout -in /etc/nginx/ssl/www.cyberciti.biz.fullchain.cer.ecc
$ openssl x509 -enddate -noout -in /etc/nginx/ssl/www.nixcraft.com.fullchain.cer
We can also check if the certificate expires within the given timeframe. For example, find out if the TLS/SSL certificate expires within next 7 days (604800 seconds):
$ openssl x509 -enddate -noout -in my.pem -checkend 604800
# Check if the TLS/SSL cert will expire in next 4 months #
$ openssl x509 -enddate -noout -in my.pem -checkend 10520000
Last updated
Was this helpful?