How to check TLS/SSL certificate expiration date from Linux CLI?

Transport Layer Security is referred to as TLS. The system known as Transport Layer Security creates an encrypted session between two computers using the Internet. It authenticates the server’s identity and inhibits data interception by hackers. When using the HTTPS protocol, users can securely transfer sensitive data thanks to TLS (and SSL’s forerunner). In other words, HTTPS is TLS overlaid with HTTP. Applications like banking, information authentication, email exchange, and any other process requiring a greater level of privacy and security are perfect candidates for this technology. TLS makes it more difficult for hackers to get sensitive information by encrypting otherwise readable data. This helps to give an additional layer of security.

Digital certificates are files that are used to verify who has a public key, often known as identity certificates or public key certificates. A Certificate Authority issues TLS certificates, a sort of digital certificate (CA). The certificate is signed by the CA, attesting to the fact that they have confirmed it belongs to the people who hold the domain name that is the subject of the certificate.

TLS certificates typically include the following details:

1. Domain Name
2. Organization
3. The name of the issuing CA
4. Subdomains
5. Issue Date
6. Expiry Date
7. The public key
8. The digital signature by the CA

Below are the steps to view the expiration date of TLS/SSL from Linux CLI.

Find out the expiration date for www.geeksforgeeks.org 

Step 1: Open The CLI (Command-Line Interface) by pressing below keyboard keys.

CTRL + ALT + T

Or you can open a terminal by right-clicking anywhere and the menu will be popped, click on the Open Terminal option.

 

Step 2: Define the variable for the site URL or the site name that you want to view the expiration date of TLS/SSL. (for eg. google.com). Use the below code to define a variable in CLI. (Replace google.com with the URL of the site that you want to see.)

export URL_OF_WEBSITE="www.geeksforgeeks.org"

Enter the above command and press enter. 

 

Step 3: Again define one variable for the Port address as shown below.

export SSL_PORT_ADDRESS="443"

 

Step 4: Now use the below command to view the Expiration date, Paste the below command in CLI and press enter.

echo | openssl s_client -connect ${URL_OF_WEBSITE}:${SSL_PORT_ADDRESS} -servername ${URL_OF_WEBSITE} 2> /dev/null | openssl x509 -noout -dates

 

Step 5: There two dates will be appeared notBefore and notAfter, In that notAfter is the expiration date. See below screenshot of CLI you can see the expiration date.

 

Method: Finding the SSL certificate expiration date from a PEM-encoded certificate file

Step 1:  Repeat the first three same steps as in the above example.

Step 2: Enter the below command to download the PEM Encoded Certificate file.

echo -n | openssl s_client -connect ${URL_OF_WEBSITE}:${SSL_PORT_ADDRESS} -servername ${URL_OF_WEBSITE} \ | openssl x509 > ./SSL.cert

 

After entering the above command SSL.cert file will be downloaded.

 

Step 3: Enter Below Command to view Expiry Data.

openssl x509 -enddate -noout -in ./SSL.cert 

 

Step 4: The expiration Date will be displayed.