FreeKB - OpenSSL Determine when a certificate or private key will expire
OpenSSL - Determine when a certificate or private key will expire

Using the cat command to view a certificate file (such as example.crt) will display something like this.

-----BEGIN CERTIFICATE-----
MIIGhTCCBW2gAwIBAgITFwAS0Zj4+uylATknJgAAABLRmDANBgkqhkiG9w0BAQsF
ADBMMRQwEgYKCZImiZPyLGQBGRYEY29ycDEYMBYGCgmSJomT8ixkARkWCHRocml2
ZW50MRowGAYDVQQDExFUSFJJVkVOVElTU1VJTkdDQTAeFw0yMDA0MjcxMjU3NDla
Fw0yMjA0MjcxMjU3NDlaMH4xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJXSTERMA8G
A1UEBxMIQXBwbGV0b24xGzAZBgNVBAoTElRocml2ZW50IEZpbmFuY2lhbDEfMB0G
A1UECxMWSW5mb3JtYXRpb24gVGVjaG5vbG9neTERMA8GA1UEAxMITVFTSVNWQTEw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVKIMwyutbQh1J8etzyuzM
bBP1U3JzlQpFjCC+1PvGyeICBb+effaW7Q9kIilXaIeIo0CvGEliQPm4/LHsn5fB
KGKM9zsTSwwEdhOvbTMnCDy9zOKpyahxhYLkOBcbL89CMPt4ShPIY8wMvGa2HjPp
SC6GmCRh0EqeJW9UntGyGoPzLKTBPHdFL2zBr+E1lxVRLb2PUkuNKkhHZZDuaiei
rpZjpfb2Yof393Zfo+oK202DmTvyRiJe8jJAB9KETJGhQHwc6GT66bBitYSrdmyM
A9kNJh4jvsAzEpd5bhS4EQftnpXYv29rjGw1yEsS+32FeA/A0t+c2Sva7g62vdMr
AgMBAAGjggMsMIIDKDATBgNVHREEDDAKgghNUVNJU1ZBMTAdBgNVHQ4EFgQUlBYV
TS88c55UFy7i3pGB7mnGEOYwHwYDVR0jBBgwFoAUc7ve9VRJvf+M2b7HBJTLF7Ve
hLkwggERBgNVHR8EggEIMIIBBDCCAQCggf2ggfqGOGh0dHA6Ly9jcmwudGhyaXZl
bnQuY29tL2NlcnRlbnJvbGwvVEhSSVZFTlRJU1NVSU5HQ0EuY3JshoG9bGRhcDov
Ly9DTj1USFJJVkVOVElTU1VJTkdDQSxDTj1QV1R2VkNBMDExLENOPUNEUCxDTj1Q
dWJsaWMlMjBLZXklMjBTZXJ2aWNlcyxDTj1TZXJ2aWNlcyxDTj1Db25maWd1cmF0
aW9uLERDPXRocml2ZW50LERDPWNvcnA/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlz
dD9iYXNlP29iamVjdENsYXNzPBNSTERpc3RyaWJ1dGlvblBvaW50MIIBJgYIKwYB
BQUHAQEEggEYMIIBFDBdBggrBgEFBQcwAoZRaHR0cDovL2NybC50aHJpdmVudC5j
b20vY2VydGVucm9sbC9QV1RIVkNBMDExLnRocml2ZW50LmNvcnBfVEhSSVZFTlRJ
U1NVSU5HQ0EuY3J0MIGyBggrBgEFBQcwAoaBpWxkYXA6Ly8vQ049VEhSSVZFTlRJ
U1NVSU5HQ0EsQ049QUlBLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNl
cnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9dGhyaXZlbnQsREM9Y29ycD9jQUNl
cnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNhdGlvbkx1dGhvcml0
eTALBgNVHQ8EBAMCBaAwPQYJKwYBBAGCNxUHBDAwLgYmKwYBBAGCNxUIhMq+Q4bw
4j2F1Zs4hPWJF4aF1j4BgeKOGYaByVYCAWQCAQswHQYDVR0lBBYwFAYIKwYBBQUH
AwIGCCsGAQUFBwMBMCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwIwCgYIKwYB
BQUHAwEwDQYJKoZIhvcNAQELBQADggEBAJ4HXHhSu6zZo85DZszCHs+v3kWtsb0r
HkWbSq5IAyWBkx8RGu4LyXD00Z3YjwL8VkY6XpeCPnvX1EyWnhaRu9mAGLeEvz8j
s3g3vfzaMg1BHx/TB1qH+bZW3EbTSKJpUA6JbMRwxL8+X9EqhvieJyeif7Jxyrfk
c1EuBvwKr6mqx8FpS3i+qRBt5dV22iEwMi6qUXhmWRb+Zk5HMumJkeuWxsmEccCv
7dZ4qtGJt8SYLPRAAxMHGnW889BeY8KmdbfeFOyDAmMXEwvB3K3zKQ8aTR781BWv
ysR4VfQLr+A3zbM59CQjewP40y7oFgrpNuj8Hp1AXud3nsakEYFaGcc=
-----END CERTIFICATE-----

 

The openssl command with the X509, -text, and -enddate options can be used to determine when a certificate will expire. This command can be run on any file that contains a certificate, such as a .pem or .crt file.

openssl x509 -text -enddate -in example.crt

 

Which should return something like this.

notAfter=Jul 16 10:13:34 2017 GMT

 



Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.




Please enter 93d0d in the box below so that we can be sure you are a human.




Comments

Web design by yours truely - me, myself, and I   |   jeremy.canfield@freekb.net   |