
4 Ways to Check SSL certificate

SSL certificates are an important part of online security. They create a secure connection between your website and your visitors, which helps to protect their data. In order to keep your website safe, it is important to make sure that your SSL certificate is up-to-date and working properly.

In this blog post, we will discuss four ways to check your SSL certificate. SSL/TLS certificates verify and validate the identity of the certificate holder or applicant before authenticating it.

Check SSL certificate from a certificate file with Openssl command

The OpenSSL command is a tool used to manage SSL certificates. It can be used to view information about SSL certificates, as well as to troubleshoot and fix problems with them. We can use the following command to check the SSL certificate.

The OpenSSL x509 command allows you to view the details of an SSL certificate. It can be used to view the certificate’s issuer, validity dates, and other information. To use the command, open a terminal and type “openssl x509 -in certificate_file -text”. This will print the text contents of the certificate to the terminal.

  • openssl x509 -text -in certificate.crt -noout

Example:

  • openssl x509 -in hydssl.cer -text -noout

 

You can also use the OpenSSL x509 command to check the expiration date of an SSL certificate. To do this, type “openssl x509 -in certificate_file -checkend N” where N is the number of seconds in the future you want to check. For example, if you wanted to check if a certificate will expire within the next 30 days, you would type “openssl x509 -in certificate_file -checkend 2592000” (30 × 86400 seconds). The command exits with status 0 if the certificate will still be valid at that point and 1 if it will have expired.

If you want to view the issuing authority of an SSL certificate, you can use the “-issuer” option. For example, “openssl x509 -in certificate_file -issuer”. This will print the issuer’s name and other information to the terminal.

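The OpenSSL x509 command does not check revocation itself, but it shows where the revocation information for a certificate is published. Type “openssl x509 -in certificate_file -noout -ext crlDistributionPoints” (OpenSSL 1.1.1 or later) to print the address of the Certificate Revocation List, or “openssl x509 -in certificate_file -noout -ocsp_uri” to print the OCSP responder address. Once the CRL has been downloaded, “openssl crl -in crl_file -inform DER -text -noout” prints the Certificate Revocation List to the terminal. If a certificate's serial number is on this list, it has been revoked and should not be trusted.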
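The file checks from this section wrapped into reusable shell functions (an added example, not from the original post). The function names are hypothetical and the example.test certificate is a throwaway generated on the spot so the script runs offline; it also handles the case where -checkend returns the same exit code for an unreadable file as for an expiring certificate.

```shell
#!/bin/sh
# Added example: the file checks above as reusable functions.
# Function names and the example.test certificate are constructed for this demo.

# cert_summary FILE: subject, issuer, expiry date and SHA-256 fingerprint.
cert_summary() {
    openssl x509 -in "$1" -noout -subject -issuer -enddate -fingerprint -sha256
}

# cert_expiry_status FILE DAYS
#   0 = still valid DAYS from now
#   1 = expires within DAYS (or has already expired)
#   2 = FILE is not a parseable certificate
cert_expiry_status() {
    # -checkend exits non-zero for "will expire" and for a parse error alike,
    # so rule out the parse error first.
    openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 2
    # -checkend takes seconds: convert the day count.
    if openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
    then return 0
    else return 1
    fi
}

# make_sample_cert FILE DAYS: throwaway self-signed certificate (constructed
# test input so the script runs offline); the private key is discarded.
make_sample_cert() {
    msc_key=$(mktemp) || return 2
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$msc_key" \
        -out "$1" -days "$2" -subj "/CN=example.test" 2>/dev/null
    msc_rc=$?
    rm -f "$msc_key"
    return "$msc_rc"
}

demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/short.pem" 10      # expires in 10 days
cert_summary "$demo_dir/short.pem"
for d in 5 30; do
    rc=0
    cert_expiry_status "$demo_dir/short.pem" "$d" || rc=$?
    echo "threshold ${d} days -> status $rc"
done
rm -rf "$demo_dir"
```

In a cron job or monitoring check, treat status 2 as an alert in its own right rather than folding it into "expiring".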


Check SSL certificate from a server URL

The OpenSSL s_client command allows you to connect to an SSL server and view the certificate information. It can be used to verify that the SSL certificate is valid and has not been revoked. To use the command, open a terminal and type “openssl s_client -connect server:port”. This will connect to the server on the specified port and print the certificate information to the terminal.

echo | openssl s_client -servername <NAME> -connect <HOST:PORT> 2>/dev/null | openssl x509 -noout -text

Example:

  • echo | openssl s_client -servername howtouselinux.com -connect howtouselinux.com:443 2>/dev/null | openssl x509 -text
  • echo | openssl s_client -servername google.com -connect google.com:443 2>/dev/null | openssl x509 -noout -dates
    notBefore=Aug 16 01:37:02 2021 GMT
    notAfter=Nov 8 01:37:01 2021 GMT

Understanding openssl command options

The openssl command is a very useful diagnostic tool for TLS and SSL servers. The command-line options used above are as follows:

 

  • s_client : The s_client command implements a generic SSL/TLS client which connects to a remote host using SSL/TLS.
  • -servername $DOM : Set the TLS SNI (Server Name Indication) extension in the ClientHello message to the given value.
  • -connect $DOM:$PORT : This specifies the host ($DOM) and optional port ($PORT) to connect to.
  • x509 : Run certificate display and signing utility.
  • -noout : Prevents output of the encoded version of the certificate.
  • -dates : Prints out the start and expiry dates of a TLS or SSL certificate.
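Piping s_client into x509 shows only the first certificate the server sends (the leaf), so an expiring intermediate goes unnoticed. The script below is an added example, not from the original post, that goes one step further and reports subject and expiry for every certificate in a PEM stream; the function names are hypothetical and the two example.test certificates are constructed stand-ins for a real chain.

```shell
#!/bin/sh
# Added example: subject and expiry for every certificate in a PEM stream,
# such as the chain a server sends. Function names are hypothetical.

# chain_dates: reads PEM text on stdin, prints subject and notAfter per
# certificate. Returns 1 if the input contains no certificate at all.
chain_dates() {
    cd_dir=$(mktemp -d) || return 2
    # Split the stream: each BEGIN..END block goes to its own numbered file;
    # anything outside the markers (s_client diagnostics) is dropped.
    awk -v d="$cd_dir" '
        /-----BEGIN CERTIFICATE-----/ { n++; f = sprintf("%s/%02d.pem", d, n); on = 1 }
        on                            { print > f }
        /-----END CERTIFICATE-----/   { on = 0; close(f) }'
    cd_rc=1
    for cd_f in "$cd_dir"/*.pem; do
        [ -e "$cd_f" ] || break          # glob matched nothing
        openssl x509 -in "$cd_f" -noout -subject -enddate && cd_rc=0
    done
    rm -rf "$cd_dir"
    return "$cd_rc"
}

# sample_chain: constructed input. Two throwaway self-signed certificates
# stand in for a leaf and an intermediate, with non-PEM noise between them.
sample_chain() {
    sc_key=$(mktemp) || return 2
    for sc_cn in leaf.example.test intermediate.example.test; do
        echo "---"
        echo "Certificate chain noise for $sc_cn"
        openssl req -x509 -newkey rsa:2048 -nodes -keyout "$sc_key" \
            -days 30 -subj "/CN=$sc_cn" 2>/dev/null
    done
    rm -f "$sc_key"
}

sample_chain | chain_dates
```

Against a live server, feed the function with “echo | openssl s_client -showcerts -servername <NAME> -connect <HOST:PORT> 2>/dev/null | chain_dates”; the -showcerts option makes s_client print the whole chain instead of only the leaf.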

 

Check SSL certificate from online Certificate Decoder

The SSL Certificate Decoder tool instantly decodes any SSL certificate, no matter what format: PEM, DER, or PFX encoded SSL certificates. It works quickly and accurately to extract all the information from your certificate and present it in an easy-to-understand way.

To use the certificate decoder tool, paste your certificate into the field on the tool's page and let the certificate decoder do the rest. Paste only the certificate itself, never the private key or a PFX bundle that contains one. https://comodosslstore.com/ssltools/cert-decoder.php

Example:

  • Common Name : HydrantID Server CA O1
  • Organization : IdenTrust
  • Organization Unit : HydrantID Trusted Certificate Service
  • Country : US
  • Valid From : Dec 12, 2019
  • Valid To : Dec 12, 2029
  • Issuer : IdenTrust
  • Serial Number : 85078034981552318268408137974808230776

 

Check SSL certificate from the online tool

There are many online tools to check the SSL certificate info. https://www.digicert.com/help/ is one of them. We can input the domain name to check it. All the info in the certificate will be displayed including the expiration date. This will also display the expiration date for all the intermediate certificates.

Example:

  • The certificate expires November 6, 2021 (70 days from today)
  • Subject howtouselinux.com Valid from 08/Aug/2021 to 06/Nov/2021
  • Subject R3 Valid from 04/Sep/2020 to 15/Sep/2025
  • Subject ISRG Root X1 Valid from 20/Jan/2021 to 30/Sep/2024

 


Eric

Monday 9th of January 2023

Thank you for writing this post. It helps me a lot.