Linux: Get SSL Certificate Expiration Date

Objective: Get the SSL certificate expiration date of a website from the command line.

To decode SSL certificates from the command line, we can make use of the s_client sub command found under the openssl tool. The general syntax of the command is:

echo | openssl s_client -connect host:port 2>/dev/null | openssl x509 -dates -noout

1	echo \| openssl s_client -connect host:port 2>/dev/null \| openssl x509 -dates -noout

The host and port parameters have to be modified accordingly, based on the server that you want to check and the port that the web services are running on. To check the SSL certificate expiration dates for google.com:

$ echo | openssl s_client -connect google.com:443 2>/dev/null | openssl x509 -dates -noout    
notBefore=Dec 15 13:48:27 2016 GMT
notAfter=Mar  9 13:35:00 2017 GMT

$ echo | openssl s_client -connect google.com:443 2>/dev/null | openssl x509 -dates -noout

notBefore=Dec 15 13:48:27 2016 GMT

notAfter=Mar 9 13:35:00 2017 GMT

The above output indicates that the SSL certificate for google.com is valid from 15-Dec-2016 13:48:27 GMT till 9-Mar-2017 13:35:00 GMT. The SSL certificate will expire on 9-Mar-2017 and will have to be replaced by then.

Mohamed Ibrahim

ibrahim = { interested_in(unix, linux, android, open_source, reverse_engineering); coding(c, shell, php, python, java, javascript, nodejs, react); plays_on(xbox, ps4); linux_desktop_user(true); }