Check SSL certificate expiration date and other details at the command line

To check a local cert:

c="/path/to/cert"
openssl x509 -noout -dates -subject -issuer -in $c

To check a remote cert, first get it with s_client, then feed to x509:

h="google.com"
p="443"
openssl s_client -host $h -port $p | openssl x509 -noout -dates -subject -issuer

Example output:

depth=1 C = US, O = Google Inc, CN = Google Internet Authority
verify error:num=20:unable to get local issuer certificate
verify return:0
notBefore=Aug 14 21:46:27 2013 GMT
notAfter=Oct 31 23:59:59 2013 GMT
subject= /C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.google.com
issuer= /C=US/O=Google Inc/CN=Google Internet Authority
read:errno=0

UPDATE 2014-04-09: Find the above tedious? I did. So here's a simple shell script to make checking SSL certificates with openssl easy!

Leave a comment

NOTE: Enclose quotes in <blockquote></blockquote>. Enclose code in <pre lang="LANG"></pre> (where LANG is one of these).