Check SSL expiration date from CLI

Introduction

How we can check the SSL certificate expiration date from my Linux shell ??

To check the SSL certificate expiration date, we will need OpenSSL client, this client provides tons of data, like validity dates, expiry dates, who issued the SSL certificate, etc.

Let’s check the expiration date of an SSL

Run following command in terminal

root@vagrant:/home/vagrant# openssl s_client -servername google.com -connect google.com:443 | openssl x509 -noout -dates
depth=2 OU = GlobalSign Root CA - R2, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = US, O = Google Trust Services, CN = GTS CA 1O1
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = *.google.com
verify return:1
notBefore=Nov 10 14:34:43 2020 GMT
notAfter=Feb  2 14:34:42 2021 GMT

Explanation OpenSSL command:

• s_client: Generic SSL/TLS client which is used to connect to a remote host
• -servername: Server Name Indication in the clienthello message
• -connect: Host and port to connect to.
• openssl x509: certificate utility for display/signing
• -noout: This option prevent encoded output version certificate.
• -dates: Shows start and expiry dates of SSL certificate.