2 Ways to Check TLS Certificate expiration Date with OpenSSL Command

We can quickly solve TLS or SSL certificate issues by checking the certificate’s expiration from the openssl command line.

Today, let us see how to check certificate’s expiration date in 2 ways.

The first one is to check the certificate on remote server side. The second is to check the certificate by PEM files.

Check TLS/SSL certificate expiration date on Remote server

To check the SSL certificate expiration date, we can use the OpenSSL command-line client.

Initially, we check the expiration date of an SSL or TLS certificate.

To do so, we open the terminal application and run:

$ openssl s_client -servername {SERVER_NAME} -connect {SERVER_NAME}:{PORT} | openssl x509 -noout -dates
$ echo | openssl s_client -servername {SERVER_NAME} -connect {SERVER_NAME}:{PORT} | openssl x509 -noout -dates

Example:
Then to find out the expiration date for www.sslhow.com, we enter:

DOM=”www.sslhow.com”
PORT=”443″
openssl s_client -servername $DOM -connect $DOM:$PORT | openssl x509 -noout -dates

Our output will show dates and other information:

depth=2 C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
verify return:1
depth=1 C = US, O = “Cloudflare, Inc.”, CN = Cloudflare Inc ECC CA-3
verify return:1
depth=0 C = US, ST = California, L = San Francisco, O = “Cloudflare, Inc.”, CN = www.sslhow.com
verify return:1
notBefore=Nov 28 00:00:00 2021 GMT
notAfter=Nov 27 23:59:59 2022 GMT

In addition, we add the echo command to avoid pressing the CTRL+C.

We can find the SSL certificate expiration date from a PEM encoded certificate file.

We query the certificate file for when the TLS/SSL certification will expire:

notAfter=Nov 27 23:59:59 2022 GMT

In addition, we can check if the certificate expires within the given timeframe.

For example,