List of Methods for Checking the Expiration Date and Contents of SSL Certificate
Published in
1 min readAug 29, 2022
Introduction
Collected commands for checking the expiration date and contents of SSL certificates on the command line.
Checking the expiration date of the SSL certificate
Check local files
root@vagrant:/home/vagrant# openssl x509 -noout -dates -in domain.crt
Server-side confirmation
- HTTPS
root@vagrant:/home/vagrant# echo | openssl s_client -connect example.com:443 2> /dev/null | openssl x509 -noout -enddate | cut -d= -f2
- SMTP
root@vagrant:/home/vagrant# openssl s_client -connect smtp.freesmtpservers.com:25 -starttls smtp | openssl x509 -noout -dates
root@vagrant:/home/vagrant# openssl s_client -connect example.com:587 -starttls smtp | openssl x509 -noout -dates
Verify Distinguished Name of SSL Certificate
root@vagrant:/home/vagrant# openssl x509 -noout -subject -in domain.crt#ORroot@vagrant:/home/vagrant# openssl x509 -noout -issuer -in domain.crt
Verify certificate file
root@vagrant:/home/vagrant# openssl x509 -noout -text -in domain.crt#ORroot@vagrant:/home/vagrant# openssl asn1parse -in domain.crt
Check private key file
root@vagrant:/home/vagrant# openssl rsa -noout -text -in domain.key
Check CSR file
root@vagrant:/home/vagrant# openssl req -noout -text -in domain.csr
Checking the server’s SSL certificate
root@vagrant:/home/vagrant# openssl s_client -showcerts -connect example.org:443
Checking the operation of the SSL certificate
root@vagrant:/home/vagrant# openssl s_server -accept 10443 -cert domain.crt -key domain.key -CAfile domain.ica -WWW
root@vagrant:/home/vagrant# openssl s_client -connect localhost:10433