Most websites are SSL-enabled now and you will see very few websites that do not have https:// in them. This article shows you how to find the expiration date of SSL certificates for a website or locally stored SSL certificates. SSL certificates have an expiration date, and have to be renewed every year or so to stay active.
We will find the expiration date for the SSL certificate of the website pinoymix.com. These commands work on both Linux and macOS.
- What is an SSL / TLS certificate?
- Using Firefox browser
- Using Google Chrome browser
- Using the Terminal to check website's SSL expiry date
- How does this openssl command work?
- Our SSL Certificate Lookup tool
- Using the Terminal to check local SSL certificates
- How to find whether the local SSL certificate has expired or will expire in the next 24 hours
- Check expiration dates for all SSL certificates in directory
- Conclusion
What is an SSL / TLS certificate?
X.509 Public Key Certificates, aka SSL / TLS certificates, are small files that establish an encrypted link between a web server and a web browser or client. This link ensures that all data passed between the web server and browser remains private. When you see a website that has a padlock icon 🔒 and https:// in the address bar instead of http://, that website is SSL-enabled. Now, even if a website has the https:// and a padlock 🔒, it is possible that the SSL / TLS certificate is expired, and it shows up as "insecure". If you visit a website with an "insecure" warning, avoid filling in anything on that website and double-check the URL once more.
Now, let us find the expiration date of SSL / TLS certificates of a website.
Using Firefox browser
Visit the website pinoymix.com using your Firefox web browser. Click on the padlock icon beside the address bar. You will see this popdown dialog.
SSL certificate expiration date using Firefox
Click on Connection secure. It will take you to a screen titled Connection security for pinoymix.com
Verified page in Firefox
Click on More information. It will open up a popup with web page information with a View Certificate button.
Certificate page info popup: Firefox
Click on the View Certificate button. This will take you to a page with all information about the SSL certificate issued for the website.
SSL Certificate details page: Firefox
You will see two dates under the Validity section. The date associated with the entry Not After is the expiration date of the SSL certificate. The date with the entry Not Before is the date the certificate was created.
Using Google Chrome browser
Visit the website pinoymix.com using your Google Chrome web browser. Click on the padlock icon beside the address bar.
SSL certificate expiration date using Google Chrome
Click on Connection is secure. You will see the Connection Details popdown.
Connection Details: Google Chrome
Click on the Certificate is valid link. You will be taken to a page with all the SSL certificate information.
Show SSL certificate: Google Chrome
The dates associated with the entries Issued On and Expires On are intuitive and self-explanatory.
Using the Terminal to check website's SSL expiry date
In Linux or macOS, we use the openssl command on the terminal. Open the Terminal app in macOS or terminal in Linux and type this:
echo | openssl s_client -servername pinoymix.com -connect pinoymix.com:443 2>/dev/null | openssl x509 -noout -dates
This will be your output:
$ echo | openssl s_client -servername pinoymix.com -connect pinoymix.com:443 2>/dev/null | openssl x509 -noout -dates
notBefore=Oct 9 21:25:14 2023 GMT
notAfter=Jan 7 21:25:13 2024 GMT
The first line contains the creation date of the SSL certificate.
The second line contains the expiration date of the SSL certificate, and this is what we were looking for.
How does this openssl command work?
The syntax for this command is:
echo | openssl s_client -servername SERVER -connect SERVER:PORT 2>/dev/null | openssl x509 -noout -dates
SERVER is the domain name or website whose certificate expiration date we are trying to find; in this case, it is pinoymix.com.
PORT is the port number on which that website is running. The default is 443.
Our SSL Certificate Lookup tool
If you do not have the openssl program installed on your Linux or Mac machine, feel free to use our online tool:
Using the Terminal to check local SSL certificates
If you have an SSL certificate stored locally and want to read it to find the expiration date, use the openssl command on the terminal, just as we did before.
Here, we are trying to read the Nginx certificate stored at /usr/local/etc/nginx/certs/cert.pem.
Open the Terminal app in macOS or terminal in Linux and type this:
openssl x509 -in /usr/local/etc/nginx/certs/cert.pem -text -noout
It will print all the details of the SSL certificate cert.pem.
To find only the expiration date of this SSL certificate:
openssl x509 -in /usr/local/etc/nginx/certs/cert.pem -dates -noout
This is the output:
$ openssl x509 -in /usr/local/etc/nginx/certs/cert.pem -dates -noout
notBefore=Feb 14 16:03:49 2023 GMT
notAfter=Feb 14 16:03:49 2024 GMT
As we can see, the expiration date of this local Nginx SSL certificate is February 14, 2024.
How to find whether the local SSL certificate has expired or will expire in the next 24 hours
Run this on the terminal:
openssl x509 -checkend 86400 -noout -in /usr/local/etc/nginx/certs/cert.pem
This will be your output:
$ openssl x509 -checkend 86400 -noout -in /usr/local/etc/nginx/certs/cert.pem
Certificate will not expire
openssl returns an exit code of 0 if the certificate will not expire within the next 86,400 seconds (1 day), and an exit code of 1 if it has expired or will expire within that time. The -checkend <SECONDS> option sets the time window to check.
Using this is more convenient than doing datetime comparisons manually.
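The script below is an added example, not part of the original article: it turns the -checkend exit code into a status and shows the case a monitoring job has to handle, namely that a missing or corrupt file also makes openssl exit non-zero. The file names, the demo.invalid subject and the 7-day warning window are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: classify a certificate file using `openssl x509 -checkend`.
# All file names and the warning window are constructed for this demo.

# cert_status FILE WARN_SECONDS -> prints ok | expiring | expired | unreadable
cert_status() {
    # A parse failure also exits non-zero, so rule it out first; otherwise
    # a missing or corrupt file looks exactly like "will expire".
    if ! openssl x509 -noout -in "$1" >/dev/null 2>&1; then
        echo unreadable
    elif ! openssl x509 -checkend 0 -noout -in "$1" >/dev/null 2>&1; then
        echo expired            # notAfter is already in the past
    elif ! openssl x509 -checkend "$2" -noout -in "$1" >/dev/null 2>&1; then
        echo expiring           # still valid, but not for WARN_SECONDS more
    else
        echo ok
    fi
}

# make_cert FILE DAYS: create a throwaway self-signed certificate
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" \
        -out "$1" -days "$2" -subj "/CN=demo.invalid" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
make_cert "$demo_dir/short.pem" 1       # valid for one day
make_cert "$demo_dir/long.pem" 365      # valid for one year
printf 'not a certificate\n' > "$demo_dir/junk.pem"

week=$((7 * 86400))
for name in short long junk; do
    printf '%s.pem: %s\n' "$name" "$(cert_status "$demo_dir/$name.pem" "$week")"
done
```
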
Check expiration dates for all SSL certificates in directory
If you have a bunch of certificates in the directory, this is how you check expiration dates for all of them. You can write a bash script for it.
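#!/usr/bin/bash
# Print the expiry date (ISO 8601) of every .pem file in the directory, soonest first.
# Note: --date and --iso-8601 are GNU date options.
for pem in /usr/local/etc/nginx/certs/*.pem; do
    printf '%s: %s\n' \
        "$(date --date="$(openssl x509 -enddate -noout -in "$pem" | cut -d= -f 2)" --iso-8601)" \
        "$pem"
done | sort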
Output:
2023-10-12: /usr/local/etc/nginx/certs/key.pem
2023-10-26: /usr/local/etc/nginx/certs/client_ca.pem
2024-02-14: /usr/local/etc/nginx/certs/cert.pem
Conclusion
This article showed different ways of finding the expiration date of SSL certificates of remote websites or stored locally. If you want something in particular, you may contact me. Thanks.