FreeKB - OpenSSL Determine when a certificate or private key will expire
OpenSSL - Determine when a certificate or private key will expire

Let's say you have a certificate file, foo.cer. The file command can be used to determine if the file is cleartext or binary. In this example, foo.cer is a cleartext file.

~]# file foo.cer
foo.cer: PEM certificate

 

In this scenario, the cat command (on Linux) can be used to view the content of foo.cer. Something like this should be returned.

~]# cat foo.cer
-----BEGIN CERTIFICATE-----
MIIGhTCCBW2gAwIBAgITFwAS0Zj4+uylATknJgAAABLRmDANBgkqhkiG9w0BAQsF
ADBMMRQwEgYKCZImiZPyLGQBGRYEY29ycDEYMBYGCgmSJomT8ixkARkWCHRocml2
ysR4VfQLr+A3zbM59CQjewP40y7oFgrpNuj8Hp1AXud3nsakEYFaGcc=
-----END CERTIFICATE-----

 

Let's say foo.cer is a binary file.

~]# file foo.file
foo.file: data

 

In this scenario, the cat command cannot be used. Attempting to view the content of foo.file will probably return mumbo jumbo, something like this.

~]# cat foo.file
h++-://c_+.+h_i+e++.c-+/ce_+e+_-+

 

The openssl command with the X509, -text, and -enddate options can be used to determine when a certificate will expire.

openssl x509 -in example.crt -text -enddate

 

If the file is a binary file, you will also need to include the -inform der option.

openssl x509 -in example.crt -inform der -text -enddate

 

Which should return something like this.

notAfter=Jul 16 10:13:34 2017 GMT

 



Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.




Please enter 877ae in the box below so that we can be sure you are a human.




Comments

Web design by yours truely - me, myself, and I   |   jeremy.canfield@freekb.net   |