Skip to main content

SSL 常用技巧

Check TLS/SSL certificate expiration date

from a website)

DOM="www.cloudcoin.global" 
PORT="443" 
## note echo added ## 
echo | openssl s_client -servername $DOM -connect $DOM:$PORT \
| openssl x509 -noout -dates

output

depth=2 C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore CyberTrust Root
verify return:1
depth=1 C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
verify return:1
depth=0 C = US, ST = CA, L = San Francisco, O = "Cloudflare, Inc.", CN = cloudcoin.global
verify return:1
DONE
notBefore=Jun  5 00:00:00 2020 GMT
notAfter=Jun  5 12:00:00 2021 GMT
  • s_client : The s_client command implements a generic SSL/TLS client which connects to a remote host using SSL/TLS.
  • -servername $DOM : Set the TLS SNI (Server Name Indication) extension in the ClientHello message to the given value.
  • -connect $DOM:$PORT : This specifies the host ($DOM) and optional port ($PORT) to connect to.
  • x509 : Run certificate display and signing utility.
  • -noout : Prevents output of the encoded version of the certificate.
  • -dates : Prints out the start and expiry dates of a TLS or SSL certificate.

from a PEM encoded certificate file)

openssl x509 -enddate -noout -in /etc/nginx/ssl/www.cyberciti.biz.fullchain.cer

output

notAfter=Dec 29 23:48:42 2020 GMT