title: Checking SSL cert expiration link: https://onemoretech.wordpress.com/2009/12/01/checking-ssl-cert-expiration/ author: lembobro description: post_id: 212 created: 2009/12/01 14:50:14 created_gmt: 2009/12/01 14:50:14 comment_status: open post_name: checking-ssl-cert-expiration status: publish post_type: post

Checking SSL cert expiration

Here's a bash one-liner to check the expiration date of a site's SSL certificate:

[webmaster@example~]$ openssl s_client -connect sso.example.com:443|openssl x509 -noout -enddate

Your answer should be something like:

notAfter=Jul 16 23:59:59 2011 GMT

This is another way to do it: 1. Download cert using

echo "" | openssl s_client -connect myserver:443 >example.pem

2. Parse cert to get end date with

openssl x509 -in example.pem -noout -enddate

More openssl command line fun (like how to display the issue and expire dates, the issuer's name, etc.) can be found in the OpenSSL Command Line HOWTO (for example, use the -text switch to display things like the issuer, valid dates, serial numbers, cert names). You can also write an interactive perl script using Net::SSL::ExpireDate and Term::ReadKey. Here's how I did that:

#!/usr/bin/perl
use strict;
use Net::SSL::ExpireDate;
use Term::ReadKey;

print "Check site for expired SSL certn";
print "Fully qualified domain name? ";
my $sslhost = ;
chomp($sslhost);
print "n";
print "Lead time in months? n";
my $months = ;
chomp($months);
print "n";

my $ed = Net::SSL::ExpireDate->new( https =>$sslhost);
my $expire_date = $ed->expire_date;

print $sslhost, "SSL cert expires: ", $expire_date, "n";

my $expired = $ed->is_expired("$months months");

if($expired) {

	print "Cert is expired, or will expire in $months month(s)n";

}
else {

	print "Cert not expiredn";

}

Copyright 2004-2019 Phil Lembo