Check SSL/TLS Certificates

Check the expiration date of an SSL or TLS certificate

Open the Terminal application and then run the following command:

$ openssl s_client -servername {SERVER_NAME} -connect {SERVER_NAME}:{PORT} | openssl x509 -noout -dates
$ echo -n Q | openssl s_client -servername {SERVER_NAME} -connect {SERVER_NAME}:{PORT} | openssl x509 -noout -dates

Finding SSL certificate expiration date from a PEM-encoded certificate file

The syntax is as follows query the certificate file for when the TLS/SSL certification will expire

$ openssl x509 -enddate -noout -in {/path/to/my/my.pem}

$ openssl x509 -enddate -noout -in /etc/nginx/ssl/www.cyberciti.biz.fullchain.cer.ecc

$ openssl x509 -enddate -noout -in /etc/nginx/ssl/www.nixcraft.com.fullchain.cer

We can also check if the certificate expires within the given timeframe. For example, find out if the TLS/SSL certificate expires within next 7 days (604800 seconds):

$ openssl x509 -enddate -noout -in my.pem -checkend 604800

# Check if the TLS/SSL cert will expire in next 4 months #

$ openssl x509 -enddate -noout -in my.pem -checkend 10520000
PreviousDefault Credentials CheckingNextLog a terminal session

Last updated