How to decode and view an SSL certificate file on the command line

Introduction

Typically the SSL certificates that you would be interested in are located in the following place on the server. You would replace EXAMPLEDOMAIN.TLD with your own domain:

/var/cpanel/ssl/apache_tls/EXAMPLEDOMAIN.TLD/combined

You'll notice that if you try to view this file with cat or less, it is not in a human readable format. You may use the following process to view the domains and validity dates of an SSL certificate file via SSH or Terminal.

Procedure

1. Login to the server via SSH or Terminal as the root user
2. Set a variable that contains the path to the certificate that you are interested in reading. Be sure to replace EXAMPLEDOMAIN.TLD with your domain:

   CERT=/var/cpanel/ssl/apache_tls/EXAMPLEDOMAIN.TLD/combined

3. Copy and paste the following command into the command line:

   openssl x509 -in $CERT -text -noout | sed -n -e '/Validity/,+2p;/DNS/s/\(^ \+\)\( DNS.*\)/\2/p;' | tr ',' '\n'

4. The output will look similar to the following:

   Validity
   Not Before: Jan 27 20:00:13 2021 GMT
   Not After : Jan 27 20:00:13 2022 GMT
   DNS:www.example.tld
   DNS:example.tld

NOTE: You may view the full details of the certificate by using the following command instead:

CERT=/var/cpanel/ssl/apache_tls/EXAMPLEDOMAIN.TLD/combined
openssl x509 -in $CERT -text -noout