Skip to Content

4 Ways to Check SSL Certificate Expiration date

An SSL certificate helps to secure the communication between a client (such as a web browser) and a server (such as a website).

If the certificate has expired, it can no longer be trusted to secure this communication, and an attacker may be able to intercept and view sensitive information being transmitted between the client and server.

We will share 4 ways to check the SSL Certificate Expiration date.

 

Get Your Free Linux training!

Join our free Linux training and discover the power of open-source technology. Enhance your skills and boost your career! Learn Linux for Free!

Methods to check SSL Certificate Expiration date

  • using web browser. In most browsers, you can view the SSL certificate by clicking on the padlock icon in the address bar. This will open a new window that displays information about the certificate, including the issuer, expiration date, and more.
  • using openssl x509 command. The openssl x509 command is a multi-purpose certificate utility. It can be used to display certificate information, convert certificates to various forms.
  • using openssl s_client command. The openssl s_client command implements a generic SSL/TLS client which connects to a remote host using SSL/TLS. It is a very useful diagnostic tool for SSL servers. It checks whether the certificate is valid, trusted, and complete.
  • using online Certificate Decoder
  • using an online tool

 

what will happen after SSL certificate expires?

If an SSL certificate expires, the website will not be able to establish a secure connection with browsers. This can cause visitors to see security warnings and potentially leave the website.

It is important to renew SSL certificates before they expire in order to avoid these problems.

check SSL certificate expiration date from a certificate file

Openssl command is a very powerful tool to check SSL certificate expiration date. Open the terminal and run the following command. You will get the expiration date from the command output.

openssl x509 -enddate -noout -in file.cer

Example: openssl x509 -enddate -noout -in hydssl.cer
notAfter=Dec 12 16:56:15 2029 GMT

To see a list of all of the options that the openssl x509 command supports, type “openssl x509 -h” into your terminal. This will display a list of all of the available options, along with a brief description of each one.

  • Display the contents of a certificate: openssl x509 -in cert.pem -noout -text
  • Display the certificate serial number: openssl x509 -in cert.pem -noout -serial
  • Display the certificate subject name: openssl x509 -in cert.pem -noout -subject
  • Display the certificate subject name in RFC2253 form: openssl x509 -in cert.pem -noout -subject -nameopt RFC2253
  • Display the certificate subject name in oneline form on a terminal supporting UTF8: openssl x509 -in cert.pem -noout -subject -nameopt oneline,-esc_msb
  • Display the certificate SHA1 fingerprint: openssl x509 -sha1 -in cert.pem -noout -fingerprint

 

check SSL certificate expiration date from a server URL

The openssl s_client command is used to establish a SSL/TLS connection with a remote server. It can be used to verify the server’s certificate expiration date, or to request a specific cipher suite.

openssl s_client -servername example.com -connect example.com 2>/dev/null | openssl x509 -noout -dates

Example:
openssl s_client -servername google.com -connect google.com:443 2>/dev/null | openssl x509 -noout -dates
notBefore=Aug 16 01:37:02 2021 GMT
notAfter=Nov 8 01:37:01 2021 GMT

The openssl is a very useful diagnostic tool to check SSL certificate for TLS and SSL servers. Here are more openssl command-line options.

  • s_client : The s_client command implements a generic SSL/TLS client which connects to a remote host using SSL/TLS.
  • -servername $DOM : Set the TLS SNI (Server Name Indication) extension in the ClientHello message to the given value.
  • -connect $DOM:$PORT : This specifies the host ($DOM) and optional port ($PORT) to connect to.
  • x509 : Run certificate display and signing utility.
  • -noout : Prevents output of the encoded version of the certificate.
  • -dates : Prints out the start and expiry dates of a TLS or SSL certificate.

 

check SSL certificate expiration date from online Certificate Decoder

The SSL Certificate Decoder tool is another way to get the expiration date of SSL certificate.  It instantly decodes any SSL Certificate-no matter what format: PEM, DER, or PFX encoded SSL Certificates.

It works quickly and accurately to strip all the information from our certificate and present it in an easy-to-understand way.

To use the certificate decoder tool, go to page thesslstore and paste our certificate into the field and let the certificate decoder do the rest.

Example:

  • Common Name : HydrantID Server CA O1
  • Organization : IdenTrust
  • Organization Unit : HydrantID Trusted Certificate Service
  • Country : US
  • Valid From : Dec 12,2019
  • Valid To : Dec 12,2029
  • Issuer : IdenTrust
  • Serial Number : 85078034808230776

 

check SSL certificate expiration date from online tool

There are many online tools to check the SSL certificate info. Go to page ssllabs and input the domain name to check it.

All the info in the certificate will be displayed including the expiration date. This will also display the expiration date for all the certificates.

Example:

  • The certificate expires November 6, 2021 (70 days from today)
  • Subject www.howtouselinux.com Valid from 08/Aug/2021 to 06/Nov/2021
  • Subject R3 Valid from 04/Sep/2020 to 15/Sep/2025
  • Subject ISRG Root X1Valid from 20/Jan/2021 to 30/Sep/2024

 

how to renew an SSL certificate

First, you will need to generate a new CSR (Certificate Signing Request). You can do this using a tool like OpenSSL. Once you have generated the CSR, you will need to submit it to your CA (Certificate Authority).

Once the CA has issued your new certificate, you will need to install it on your web server. If you are not familiar with this, you may want to ask help from here thesslstore.com. Once the new certificate is installed, you should be all set! Your website will now be able to establish secure connections with browsers.

 

Related:

 

Nghui

Saturday 25th of November 2023

Great. openssl command works for me. Thanks.

Fen Fenw

Tuesday 7th of November 2023

It is great to see this article. I got my problem fixed. Thanks.

Daniel

Monday 6th of November 2023

This was a great read on checking SSL certificate expiration in Linux. I am going to write a shell script to and add it to cron jobs for monitoring purpose.

Hier Guert

Monday 6th of November 2023

In my journey as a System Administrator, managing SSL certificates has always been a critical task.

This article's detailed guide on how to check SSL certificate expiration using OpenSSL commands on a Linux system has been a tremendous help.

6 Underrated Linux Commands That Deserve More Attention - howtouselinux

Tuesday 24th of October 2023

[…] is particularly useful for checking certificate expiration dates and conducting similar […]