# Check SSL/TLS Certificates

### Check the expiration date of an SSL or TLS certificate

Open the Terminal application and then run the following command:

{% code overflow="wrap" %}

```
$ openssl s_client -servername {SERVER_NAME} -connect {SERVER_NAME}:{PORT} | openssl x509 -noout -dates
```

{% endcode %}

{% code overflow="wrap" %}

```
$ echo -n Q | openssl s_client -servername {SERVER_NAME} -connect {SERVER_NAME}:{PORT} | openssl x509 -noout -dates
```

{% endcode %}

### Finding SSL certificate expiration date from a PEM-encoded certificate file

The syntax is as follows query the certificate file for when the TLS/SSL certification will expire

{% code overflow="wrap" %}

```
$ openssl x509 -enddate -noout -in {/path/to/my/my.pem}

$ openssl x509 -enddate -noout -in /etc/nginx/ssl/www.cyberciti.biz.fullchain.cer.ecc

$ openssl x509 -enddate -noout -in /etc/nginx/ssl/www.nixcraft.com.fullchain.cer
```

{% endcode %}

### We can also check if the certificate expires within the given timeframe. For example, find out if the TLS/SSL certificate expires within next 7 days (604800 seconds):

```
$ openssl x509 -enddate -noout -in my.pem -checkend 604800

# Check if the TLS/SSL cert will expire in next 4 months #

$ openssl x509 -enddate -noout -in my.pem -checkend 10520000
```