How to determine when a certificate key will expire using OpenSSL

Home > Search > How-to

The openssl command with the enddate option can be used to determine when a certificate will expire. In this example, the certificate will expire on July 16, 2017. This command can be run on any file that contains a certificate, such as a .pem or .crt file. The noout option excludes the actual certificate from the output, so that only the enddate is displayed.

[root@server1 ~]# openssl x509 -enddate -noout -in example.pem
notAfter=Jul 16 10:13:34 2017 GMT


Add a Comment

We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.

Please enter in the box below so that we can be sure you are a human.