How to Find SSL Certificate Expiration Date With OpenSSL

Published July 23, 2024

Most websites are SSL-enabled now and you will see very few websites that do not have https:// in them. This article shows you how to find the expiration date of SSL certificates for a website or locally stored SSL certificates. SSL certificates have an expiration date, and have to be renewed every year or so to stay active.

How to find the expiration date of SSL certificates

We will find the expiration date for the SSL certificate of the website pinoymix.com. These commands work on both Linux and macOS.

What is an SSL / TLS certificate?

X.509 Public Key Certificates aka SSL / TLS certificates are a small files that establish an encrypted link between a web server and a web browser or client. This link ensures that all data passed between the web server and browser remain private. When you see a website that has a padlock icon 🔒 and https:// in the address bar instead of http://, that website is SSL-enabled. Now, even if a website has the https:// and a padlock 🔒 it is possible that the SSL / TLS certificate is expired, and it shows up as "insecure". If you visit a website with an "insecure" warning, avoid filling up anything on that website and double-check the URL once more.

Now, let us find the expiration date of SSL / TLS certificates of a website.

Using Firefox browser

Visit the website pinoymix.com using your Firefox web browser. In the address bar, click on the padlock icon beside the address bar. You will see this popdown dialog.

SSL certificate expiration date using Firefox SSL certificate expiration date using Firefox

Click on Connection secure. It will take you to a screen titled Connection security for pinoymix.com

SSL certificate expiration date using Firefox Verified page in Firefox

Click on More information. It will open up a popup with web page information with a View Certificate button.

SSL certificate expiration date using Firefox Certificate page info popup: Firefox

Click on the View Certificate button. This will take you to a page with all information about the SSL certificate issued for the website.

SSL certificate details page on Firefox SSL Certificate details page: Firefox

You will see two dates under the Validity section. The date associated with the entry Not After is the expiration date of the SSL certificate. The date with the entry Not Before is the date the certificate was created.

Using Google Chrome browser

Visit the website pinoymix using your Google Chrome web browser. In the addrss bar, click on the padkock icon beside the address bar.

SSL certificate expiration date using Chrome SSL certificate expiration date using Google Chrome

Click on Connection is secure. You will see the Connection Details popdown.

SSL certificate expiration date using Chrome Connection Details: Google Chrome

Click on Certificate is valid link. You will be taken to a page with all the SSL certificate information.

SSL certificate expiration date using Chrome Show SSL certificate: Google Chrome

The dates associated with the entries Issued On and Expires On are intuitive and self-explanatory.

Using the Terminal to check website's SSL expiry date

In Linux or macOS, we use the openssl command on the terminal. Open the Terminal app in macOS or terminal in Linux and type this:

echo | openssl s_client -servername pinoymix.com -connect pinoymix.com:443 2>/dev/null | openssl x509 -noout -dates

This will be your output:

$ echo | openssl s_client -servername pinoymix.com -connect pinoymix.com:443 2>/dev/null | openssl x509 -noout -dates
notBefore=Oct  9 21:25:14 2023 GMT
notAfter=Jan  7 21:25:13 2024 GMT

The first line contains the creation date of the SSL certificate.

The second line contains the expiration date of the SSL certificate, and this is what we were looking for.

How does this openssl command work?

The syntax for this command is:

echo | openssl s_client -servername SERVER -connect SERVER:PORT 2>/dev/null | openssl x509 -noout -dates

SERVER is the domain name or website whose certificate expiration date we are trying to find; in this case, it is pinoymix.com.

PORT is the port number on which that website is running. The default is 443.

Our SSL Certificate Lookup tool

If you do not have the openssl program installed on your Linux or Mac machine, feel free to use our online tool:

Using the Terminal to check local SSL certificates

If you have an SSL certificate stored locally and want to read them to find the expiration date, we use the openssl command on the terminal, just as we did before.

Here, we are trying to read the Nginx certificate stored at /usr/local/etc/nginx/certs/cert.pem.

Open the Terminal app in macOS or terminal in Linux and type this:

openssl x509 -in /usr/local/etc/nginx/certs/cert.pem -text -noout

It will print all the details of the SSL certificate cert.pem.

To find only the expiration date of this SSL certificate:

openssl x509 -in /usr/local/etc/nginx/certs/cert.pem -dates -noout

This is the output:

$ openssl x509 -in /usr/local/etc/nginx/certs/cert.pem -dates -noout
notBefore=Feb 14 16:03:49 2023 GMT
notAfter=Feb 14 16:03:49 2024 GMT

As we can see, the expiration date of this local Nginx SSL certificate is February 14, 2024.

How to find whether the local SSL certificate has expired or will expire in the next 24 hours

Run this on the terminal:

openssl x509 -checkend 86400 -noout -in /usr/local/etc/nginx/certs/cert.pem

This will be your output:

$ openssl x509 -checkend 86400 -noout -in /usr/local/etc/nginx/certs/cert.pem
Certificate will not expire

openssl returns an exit code of 0 if the certificate has expired or will expire in the next 86,400 seconds (1 day). The checkend <SECONDS> option will verify it.

Using this is more convenient than doing datetime comparisons manually.

Check expiration dates for all SSL certificates in directory

If you have a bunch of certificates in the directory, this is how you check expiration dates for all of them. You can write a bash script for it.

!/usr/bin/bash

for pem in /usr/local/etc/nginx/certs/*.pem; do 
   printf '%s: %s\n' \
      "$(date --date="$(openssl x509 -enddate -noout -in "$pem"|cut -d= -f 2)" --iso-8601)" \
      "$pem"
done | sort

Output:

2023-10-12: /usr/local/etc/nginx/certs/key.pem
2023-10-26: /usr/local/etc/nginx/certs/client_ca.pem
2024-02-14: /usr/local/etc/nginx/certs/cert.pem

Conclusion

This article showed different ways of finding the expiration date of SSL certificates of remote websites or stored locally. If you want something in particular, you may contact me. Thanks.

Related Posts

If you have any questions, please contact me at arulbOsutkNiqlzziyties@gNqmaizl.bkcom. You can also post questions in our Facebook group. Thank you.

Disclaimer: Our website is supported by our users. We sometimes earn affiliate links when you click through the affiliate links on our website.

Last Updated: July 23, 2024.     This post was originally written on October 12, 2023.