OpenSSL one liner to get expiry date from SSL Certificate of any website

23-01-2013 | Remy van Elst


Table of Contents


Remember to have the openssl package installed. Replace $IPADRES with either the website or the IP address of the site:

echo "" | openssl s_client -connect $IPADRES:443 > certexp.crt; openssl x509 -in certexp.crt -noout -enddate

For example, this website:

echo "" | openssl s_client -connect raymii.org:443 > certexp.crt; openssl x509 -in certexp.crt -noout -enddate

depth=2 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify error:num=19:self signed certificate in certificate chain
verify return:0
DONE
notAfter=Jun 25 23:59:59 2014 GMT

By replacing the last parameter -enddate with -text you get the full certificate output. If you use -subject you can get the common name.

Example of the -text parameter:

echo "" | openssl s_client -connect raymii.org:443 > certexp.crt; openssl x509 -in certexp.crt -noout -text

depth=2 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify error:num=19:self signed certificate in certificate chain
verify return:0
DONE
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            c1:a3:d8:d0:0d:72:fc:e4:83:cd:84:75:9e:9e:c0:bc
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=PositiveSSL CA 2
        Validity
            Not Before: Jun 25 00:00:00 2012 GMT
            Not After : Jun 25 23:59:59 2014 GMT
        Subject: OU=Domain Control Validated, OU=PositiveSSL, CN=raymii.org
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:d7:41:68:85:49:df:a6:43:d7:f4:14:c7:4f:a0:
                    c9:3e:9e:15:05:9b:a5:19:0c:82:c0:54:92:ae:8b:
                    d3:e2:c3:fc:a7:e0:19:0b:64:25:87:09:2f:9a:06:
                    03:a1:e8:44:e1:db:7e:05:b9:41:54:6d:58:ab:a5:
                    57:48:02:47:1d:6a:fd:dc:72:2b:f8:87:15:4b:27:
                    86:63:5c:44:7c:93:36:f9:92:4c:d1:8d:13:42:66:
                    f0:78:2f:76:a5:ce:5b:74:af:40:09:43:e3:6b:1a:
                    cc:3d:d8:0c:46:4e:d0:5e:8d:fc:f9:63:fb:14:11:
                    a8:28:cb:d3:4d:b9:71:e8:b3:34:1f:9a:fb:4c:ba:
                    a3:47:7e:b7:f1:94:15:1c:24:08:65:ab:3b:0f:c8:
                    8f:38:f4:76:e7:8f:07:83:cf:fc:f1:7e:3f:57:f3:
                    89:08:b1:6d:12:f7:dd:d1:eb:2d:84:9e:7c:b1:a1:
                    01:0a:b6:a0:44:d1:60:e1:ca:9f:f2:96:5b:cb:e6:
                    08:d7:57:fa:c9:d4:3f:56:68:d6:c9:aa:9d:8e:14:
                    a6:fe:0c:9e:5b:bf:b8:b8:3a:75:a7:56:1c:58:74:
                    cb:9c:b4:6b:64:c1:20:4b:ee:a1:39:f9:ab:63:a7:
                    42:97:34:35:2c:60:7d:a3:4b:89:84:ec:05:52:e7:
                    f4:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                keyid:99:E4:40:5F:6B:14:5E:3E:05:D9:DD:D3:63:54:FC:62:B8:F7:00:AC

            X509v3 Subject Key Identifier: 
                3A:4B:29:3E:64:BA:04:06:43:D8:6C:60:CD:69:D3:F7:9E:8E:8B:4F
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Certificate Policies: 
                Policy: 1.3.6.1.4.1.6449.1.2.2.7
                  CPS: http://www.positivessl.com/CPS

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.comodoca.com/PositiveSSLCA2.crl

            Authority Information Access: 
                CA Issuers - URI:http://crt.comodoca.com/PositiveSSLCA2.crt
                OCSP - URI:http://ocsp.comodoca.com

            X509v3 Subject Alternative Name: 
                DNS:raymii.org, DNS:www.raymii.org
    Signature Algorithm: sha1WithRSAEncryption
         4c:07:d8:6b:d1:f5:1c:65:0a:dd:47:a4:13:ba:72:ee:ff:e2:
         f9:42:1c:0b:e1:a2:42:dd:d5:60:52:c5:0f:69:03:16:4d:e9:
         53:d6:65:a4:29:75:82:c3:62:1a:25:1c:a0:62:d3:1e:8b:f0:
         cb:ae:11:8f:42:8c:c5:01:6e:80:bf:b3:c9:fc:f3:0f:b3:2e:
         44:3a:b1:6d:d3:c6:ae:c9:d3:45:31:96:da:89:df:9b:83:2b:
         40:8e:56:38:2e:bd:0d:b2:b1:c1:51:8a:b1:c6:90:f9:7e:37:
         10:60:13:3a:fa:0f:5c:9e:6f:aa:4b:29:42:7f:96:87:f4:08:
         8a:58:96:8c:57:01:6c:c0:0e:61:64:d0:46:7f:44:31:bf:2c:
         17:28:73:39:ef:d7:9b:6a:32:35:94:56:fa:8d:68:6d:be:02:
         16:4e:e0:70:1b:09:ff:f3:86:0e:62:81:89:03:0e:e5:18:88:
         8a:f6:98:eb:05:07:83:2b:cf:33:e8:2e:43:43:7d:7f:20:de:
         77:42:fd:39:a8:b6:e1:fb:e8:1c:bc:fc:24:ad:eb:c6:01:22:
         fe:7e:2d:49:76:f8:8f:64:a1:4b:90:7b:d6:82:69:f5:7c:83:
         3b:c0:d1:e5:ae:d0:0f:7a:ac:8c:9a:22:bb:05:fc:34:8b:d7:
         a7:31:54:00

Tags: certificates, openssl, pki, ssl,