Introduction
Knowing how to quickly check the dates that your certificate is valid for, can allow you to quickly determine if the issue you are experiencing is related to an expired certificate.
Procedure
The best tool to use for this is openssl
. openssl's command-line tool offers a plethora of options that allow you to read the certificate data and return the information you want.
In this case, you need to find the start date and end date that the certificate will be valid for.
To get this information simply execute the following command and be sure to replace $DOMAIN
and$PORT
with the correct information. For the port, this will generally be443
for the webserver; however, if you wish to check the certificate for a different service, be sure to use the correct port number:
echo | openssl s_client -connect $DOMAIN:$PORT -servername $DOMAIN -showcerts|openssl x509 -noout -dates
An example of the output returned will look like this, providing you with the issuer of the certificate and the date ranges that the certificate is valid for:
[root@the ~]$ echo | openssl s_client -connect cpanel.net:443 -servername cpanel.net -showcerts|openssl x509 -noout -dates
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL Wildcard, CN = *.cpanel.net
verify return:1
DONE
notBefore=Dec 22 00:00:00 2018 GMT
notAfter=Jan 20 23:59:59 2021 GMT