Linux: Get SSL Certificate Expiration Date

Objective: Get the SSL certificate expiration date of a website from the command line.

To decode SSL certificates from the command line, we can make use of the s_client sub command found under the openssl tool. The general syntax of the command is:

echo | openssl s_client -connect host:port 2>/dev/null | openssl x509 -dates -noout

The host and port parameters have to be modified accordingly, based on the server that you want to check and the port that the web services are running on. To check the SSL certificate expiration dates for

$ echo | openssl s_client -connect 2>/dev/null | openssl x509 -dates -noout    
notBefore=Dec 15 13:48:27 2016 GMT
notAfter=Mar  9 13:35:00 2017 GMT

The above output indicates that the SSL certificate for is valid from 15-Dec-2016 13:48:27 GMT till 9-Mar-2017 13:35:00 GMT. The SSL certificate will expire on 9-Mar-2017 and will have to be replaced by then.

Ibrahim is a technology enthusiast with a keen interest in *NIX (Unix, Linux) systems, Android, open source and other tech related stuff. When his cpu load is low, you can probably find him online playing on his Xbox or PlayStation.