You can check the expiration date of a TLS/SSL certificate from the command line using the “openssl” tool. Here’s an example command that checks the expiration date of a certificate for the domain “example.com”:
openssl s_client -connect example.com:443 -servername example.com 2>/dev/null | openssl x509 -noout -dates
The “-connect” option specifies the domain and port to connect to. The “-servername” option is used for servers that host multiple domains on the same IP address. The “2>/dev/null” at the end of the command suppresses any error messages.
The output of the command will show the “notBefore” and “notAfter” fields, which indicate the start and expiration dates of the certificate, respectively. The date format is in the format of “Mon DD HH:MM:SS YYYY GMT”
You can also use the following command which is more concise and uses the date
command to format the output
echo | openssl s_client -connect example.com:443 -servername example.com 2>/dev/null | openssl x509 -noout -enddate | awk '{print $4,$5,$7}' | date -f - +%Y-%m-%d
This command will return the expiration date of the certificate in the format “YYYY-MM-DD”.
You can also use the openssl x509 -checkend
option, which returns the number of seconds till the certificate expires.
openssl x509 -enddate -noout -in certificate.crt | awk -F'=' '{print $2}' | xargs -I {} date -d {} +%s
This command will return the number of seconds till the expiration date of the certificate.
You can also use other tools like “curl” and “gnutls-cli” to check the expiration date of a certificate, which works the same way.