OpenShift - List SSL certificates in a secret

by Jeremy Canfield | Updated: December 29 2021 | OpenShift articles
If you are not familiar with the oc command, refer to OpenShift - Getting Started with the oc command.
A deployment can use one or more SSL certificates. This article describes how to list the SSL certificates stored in secrets.
The oc get secrets command can be used to list the secrets in a namespace.
~]$ oc get secrets --namespace openshift-kube-apiserver-operator
NAME TYPE DATA AGE
aggregator-client-signer kubernetes.io/tls 2 123d
kube-apiserver-operator-serving-cert kubernetes.io/tls 2 124d
kube-apiserver-to-kubelet-signer SecretTypeTLS 2 124d
kube-control-plane-signer kubernetes.io/tls 2 94d
loadbalancer-serving-signer SecretTypeTLS 2 124d
localhost-recovery-serving-signer kubernetes.io/tls 2 124d
localhost-serving-signer SecretTypeTLS 2 124d
next-bound-service-account-signing-key Opaque 2 124d
node-system-admin-client kubernetes.io/tls 2 124d
node-system-admin-signer kubernetes.io/tls 2 124d
service-network-serving-signer SecretTypeTLS 2 124d
The -o yaml or -o json options can be used to display the YAML or JSON details of the secret. Notice that the values of the "tls.crt" and "tls.key" keys are long strings of alphanumeric characters. This is normal, because the secret values are base64 encoded.
~]$ oc get secrets service-network-serving-signer --namespace openshift-kube-apiserver-operator -o yaml
apiVersion: v1
data:
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURURENDQWpTZ0F3SUJBZ0lJQ1lTR0pMNHdVaWd3RFFZSktvWklodmN...
tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBMzgwWHNkVVAvK1RHaUZGRSszOGJ6U2N...
On a Linux system, the base64 command can be used to decode the value, and the decoded PEM can be piped into openssl x509 to display the details of the certificate.
~]$ echo "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVVENDQWptZ0F3SUJBZ0lJS0t3QWNUajMrR..." | base64 --decode | openssl x509 -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2930717943798429805 (0x28ac007138f7f86d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=openshift-service-serving-signer@1626455578
Validity
Not Before: Jul 16 17:12:57 2021 GMT
Not After : Sep 14 17:12:58 2023 GMT
Or, here is a one-liner. The custom-columns output prints an empty header line followed by the base64 value, so tail -1 keeps only the value.
oc get secret -n <namespace> <secret name> -o custom-columns=":.data.tls\.crt" | tail -1 | base64 -d | openssl x509 -noout -text
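As an added example (not part of the original article), the same decode-and-inspect step applied to every kubernetes.io/tls secret in a namespace, flagging certificates that expire soon. The script reads "<secret name> <base64 tls.crt>" lines; the oc jsonpath command that would produce them on a real cluster is an assumption shown in the comments, and the sample input is a constructed self-signed certificate so the script runs offline with only base64 and openssl.

```shell
#!/bin/sh
# Added example, not from the original article: summarise each certificate in the
# kubernetes.io/tls secrets of a namespace and flag those expiring within DAYS days.
# Input on stdin, one secret per line: "<secret name> <base64 tls.crt>".
# On a live cluster that input comes from (assumed usage, not run here):
#   oc get secrets -n <namespace> -o jsonpath='{range .items[?(@.type=="kubernetes.io/tls")]}{.metadata.name}{" "}{.data.tls\.crt}{"\n"}{end}'

# decode_crt B64 : decode a base64 tls.crt value to PEM on stdout
decode_crt() {
    printf '%s' "$1" | base64 -d
}

# expires_within B64 DAYS : succeed (exit 0) if the certificate is already
# expired or expires within DAYS days. openssl x509 -checkend succeeds only
# when the certificate is still valid after the given number of seconds.
expires_within() {
    if decode_crt "$1" | openssl x509 -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# summarize_secrets DAYS : print "name | subject | notAfter | status" per input line
summarize_secrets() {
    days=$1
    while read -r name b64; do
        [ -n "$name" ] || continue
        subject=$(decode_crt "$b64" | openssl x509 -noout -subject)
        enddate=$(decode_crt "$b64" | openssl x509 -noout -enddate)
        if expires_within "$b64" "$days"; then
            status="EXPIRES within ${days}d"
        else
            status="ok"
        fi
        printf '%s | %s | %s | %s\n' "$name" "${subject#subject=}" "${enddate#notAfter=}" "$status"
    done
}

# Constructed sample input: a throwaway self-signed certificate valid for 10 days,
# base64-encoded the way the secret stores it under data.tls.crt.
SAMPLE_CRT=$(openssl req -x509 -newkey rsa:2048 -nodes -keyout /dev/null \
    -subj /CN=sample-serving-cert -days 10 2>/dev/null | base64 | tr -d '\n')
SAMPLE_INPUT="sample-serving-cert $SAMPLE_CRT"

printf '%s\n' "$SAMPLE_INPUT" | summarize_secrets 30
```

Each printed line carries the secret name, the certificate subject, the notAfter date and a status, which makes it easy to feed into a monitoring check for certificates approaching expiry.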