Skip to main content

Raymii.org Logo (IEC resistor symbol)logo

Quis custodiet ipsos custodes?
Home | About | All pages | RSS Feed | Gopher

OpenSSL one liner to get expiry date from SSL Certificate of any website

Published: 23-01-2013 | Author: Remy van Elst | Text only version of this article


Table of Contents


Remember to have the openssl package installed. Replace $IPADRES with eitherthe website or the IP address of the site:

echo "" | openssl s_client -connect $IPADRES:443 > certexp.crt; openssl x509 -in certexp.crt -noout -enddate

For example, this website:

echo "" | openssl s_client -connect raymii.org:443 > certexp.crt; openssl x509 -in certexp.crt -noout -enddatedepth=2 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Rootverify error:num=19:self signed certificate in certificate chainverify return:0DONEnotAfter=Jun 25 23:59:59 2014 GMT

If you like this article, consider sponsoring me by trying out a Digital OceanVPS. With this link you'll get $100 credit for 60 days). (referral link)

By replacing the last parameter -enddate with -text you get the fullcertificate output. If you use -subject you can get the common name.

Example of the -text parameter:

echo "" | openssl s_client -connect raymii.org:443 > certexp.crt; openssl x509 -in certexp.crt -noout -textdepth=2 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Rootverify error:num=19:self signed certificate in certificate chainverify return:0DONECertificate:    Data:        Version: 3 (0x2)        Serial Number:            c1:a3:d8:d0:0d:72:fc:e4:83:cd:84:75:9e:9e:c0:bc    Signature Algorithm: sha1WithRSAEncryption        Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=PositiveSSL CA 2        Validity            Not Before: Jun 25 00:00:00 2012 GMT            Not After : Jun 25 23:59:59 2014 GMT        Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=raymii.org        Subject Public Key Info:            Public Key Algorithm: rsaEncryption                Public-Key: (2048 bit)                Modulus:                    00:d7:41:68:85:49:df:a6:43:d7:f4:14:c7:4f:a0:                    c9:3e:9e:15:05:9b:a5:19:0c:82:c0:54:92:ae:8b:                    d3:e2:c3:fc:a7:e0:19:0b:64:25:87:09:2f:9a:06:                    03:a1:e8:44:e1:db:7e:05:b9:41:54:6d:58:ab:a5:                    57:48:02:47:1d:6a:fd:dc:72:2b:f8:87:15:4b:27:                    86:63:5c:44:7c:93:36:f9:92:4c:d1:8d:13:42:66:                    f0:78:2f:76:a5:ce:5b:74:af:40:09:43:e3:6b:1a:                    cc:3d:d8:0c:46:4e:d0:5e:8d:fc:f9:63:fb:14:11:                    a8:28:cb:d3:4d:b9:71:e8:b3:34:1f:9a:fb:4c:ba:                    a3:47:7e:b7:f1:94:15:1c:24:08:65:ab:3b:0f:c8:                    8f:38:f4:76:e7:8f:07:83:cf:fc:f1:7e:3f:57:f3:                    89:08:b1:6d:12:f7:dd:d1:eb:2d:84:9e:7c:b1:a1:                    01:0a:b6:a0:44:d1:60:e1:ca:9f:f2:96:5b:cb:e6:                    08:d7:57:fa:c9:d4:3f:56:68:d6:c9:aa:9d:8e:14:                    a6:fe:0c:9e:5b:bf:b8:b8:3a:75:a7:56:1c:58:74:                    cb:9c:b4:6b:64:c1:20:4b:ee:a1:39:f9:ab:63:a7:                    42:97:34:35:2c:60:7d:a3:4b:89:84:ec:05:52:e7:                    f4:db                Exponent: 65537 (0x10001)        X509v3 extensions:            X509v3 Authority Key Identifier:                 keyid:99:E4:40:5F:6B:14:5E:3E:05:D9:DD:D3:63:54:FC:62:B8:F7:00:AC            X509v3 Subject Key Identifier:                 3A:4B:29:3E:64:BA:04:06:43:D8:6C:60:CD:69:D3:F7:9E:8E:8B:4F            X509v3 Key Usage: critical                Digital Signature, Key Encipherment            X509v3 Basic Constraints: critical                CA:FALSE            X509v3 Extended Key Usage:                 TLS Web Server Authentication, TLS Web Client Authentication            X509v3 Certificate Policies:                 Policy: 1.3.6.1.4.1.6449.1.2.2.7                  CPS: http://www.positivessl.com/CPS            X509v3 CRL Distribution Points:                 Full Name:                  URI:http://crl.comodoca.com/PositiveSSLCA2.crl            Authority Information Access:                 CA Issuers - URI:http://crt.comodoca.com/PositiveSSLCA2.crt                OCSP - URI:http://ocsp.comodoca.com            X509v3 Subject Alternative Name:                 DNS:raymii.org, DNS:www.raymii.org    Signature Algorithm: sha1WithRSAEncryption         4c:07:d8:6b:d1:f5:1c:65:0a:dd:47:a4:13:ba:72:ee:ff:e2:         f9:42:1c:0b:e1:a2:42:dd:d5:60:52:c5:0f:69:03:16:4d:e9:         53:d6:65:a4:29:75:82:c3:62:1a:25:1c:a0:62:d3:1e:8b:f0:         cb:ae:11:8f:42:8c:c5:01:6e:80:bf:b3:c9:fc:f3:0f:b3:2e:         44:3a:b1:6d:d3:c6:ae:c9:d3:45:31:96:da:89:df:9b:83:2b:         40:8e:56:38:2e:bd:0d:b2:b1:c1:51:8a:b1:c6:90:f9:7e:37:         10:60:13:3a:fa:0f:5c:9e:6f:aa:4b:29:42:7f:96:87:f4:08:         8a:58:96:8c:57:01:6c:c0:0e:61:64:d0:46:7f:44:31:bf:2c:         17:28:73:39:ef:d7:9b:6a:32:35:94:56:fa:8d:68:6d:be:02:         16:4e:e0:70:1b:09:ff:f3:86:0e:62:81:89:03:0e:e5:18:88:         8a:f6:98:eb:05:07:83:2b:cf:33:e8:2e:43:43:7d:7f:20:de:         77:42:fd:39:a8:b6:e1:fb:e8:1c:bc:fc:24:ad:eb:c6:01:22:         fe:7e:2d:49:76:f8:8f:64:a1:4b:90:7b:d6:82:69:f5:7c:83:         3b:c0:d1:e5:ae:d0:0f:7a:ac:8c:9a:22:bb:05:fc:34:8b:d7:         a7:31:54:00
Tags: certificates, openssl, pki, snippets, ssl