How to Determine Ssl Cert Expiration Date from a Pem Encoded Certificate

How to determine SSL cert expiration date from a PEM encoded certificate?

With openssl:

openssl x509 -enddate -noout -in file.pem

The output is on the form:

notAfter=Nov  3 22:23:50 2014 GMT

Also see MikeW's answer for how to easily check whether the certificate has expired or not, or whether it will within a certain time period, without having to parse the date above.

How to determine SSL cert expiration date from a PEM which have a lot of certificats concatenated on one file (pem)?

As found out in https://serverfault.com/questions/391396/how-to-split-a-pem-file#676968 something like that works:

openssl crl2pkcs7 -nocrl -certfile cert.pem | openssl pkcs7 -print_certs -text | grep -E '(Subject:|Not After)'

But the subject comes after the date.

Otherwise you need to do some shell glue using sed, awk or perl for example.

How to determine SSL cert expire date from the cert file itself(.p12)

You can use openssl to extract the certificate from the .p12 file to a .pem file using the following command:

openssl pkcs12 -in certificate.p12 -out certificate.pem -nodes

Then, you can extract the expiration date from the certificate in the .pem file using the following command:

cat certificate.pem | openssl x509 -noout -enddate

Check the expiry date of a Certificate in UNIX

You could use openssl:

openssl x509 -in cert.pem -inform PEM -noout -enddate

cert.pem should be PEM encoded. If you have DER encoded certificate (just binary data, no base64) then you can switch to -inform DER.

More information can be found here.

---

Related Topics