The openssl command with the enddate option can be used to determine when a certificate will expire. In this example, the certificate will expire on July 16, 2017. This command can be run on any file that contains a certificate, such as a .pem or .crt file. The noout option excludes the actual certificate from the output, so that only the enddate is displayed.

[root@server1 ~]# openssl x509 -enddate -noout -in example.pem
notAfter=Jul 16 10:13:34 2017 GMT