How to Check TLS/SSL Certificate Expiration Date from Linux CLI?

Checking TLS/SSL Certificate Expiration Date from Linux CLI – A Beginner’s Guide

The client and server use TLS/SSL certificates to secure their communication. They act as a trusted third party who vouches for the identity of your server and its ability to encrypt sensitive data.

TLS/SSL certificates expire after some time, so you must check their expiration date before using them. In this article, we will see how you can check TLS/SSL certificate expiration date on Linux CLI using the OpenSSL command line tool and some other Linux commands. These are useful while configuring web servers or development environments.

What are SSL/TLS Certificates?

A Certificate Authority (CA) issues TLS certificates or digital certificates, enabling users to securely transfer sensitive data using the HTTPS protocol. In other words, HTTPS is TLS on top of HTTP. This technology is ideal for banking, information verification, email exchange, and other activities needing more privacy and security.

As we know, encrypted data is harder to read without decrypting with the help of the private key, thus making it difficult for hackers to access the information. Files known as digital or identity certificates (public key certificates) verify the owner of a public key.

Method to See the Expiration Date for TLS/SSL Certificate

Step 1: You can access the CLI (Command-Line Interface) by pressing Alt + CTRL + T keyboard keys. Another method to open Command-Line is by clicking anywhere on the screen with your right mouse button to bring up a menu and selecting the “Open Terminal” option. But the keyboard shortcut makes it more accessible.

Step 2: To view the TLS/SSL expiration date for a specific site, define the variable for the site name or URL. To define a variable in CLI, use the code below.

export URL_OF_WEBSITE="YourWebsiteURL"

Enter the preceding command and hit enter.

Step 3: As shown below, define one variable for the Port address again.

export SSL_PORT_ADDRESS="443."

Step 4: You can now view the expiration date by using the command below. Enter the following command into the CLI.

echo | openssl s_client -connect ${URL_OF_WEBSITE}:${SSL_PORT_ADDRESS} -servername ${URL_OF_WEBSITE} 2> /dev/null | openssl x509 -noout -dates

Step 5: Two dates will appear notBefore and notAfter. In that notAfter is the expiration date.

How to Extract a PEM-encoded Certificate File’s Expiration Date from an SSL Certificate

• Repeat the first three steps from the preceding example.

• Run the command below to obtain the PEM Encoded Certificate file.

echo -n | openssl s_client -connect ${URL_OF_WEBSITE}:${SSL_PORT_ADDRESS} -servername ${URL_OF_WEBSITE} \ | openssl x509 > ./SSL.cert

The SSL.cert file will be downloaded after entering the above command.

• Type the following command to view Expiry Data.

openssl x509 -enddate -noout -in ./SSL.cert

• The system will display the expiration date.

How does TLS/SSL work?

As we already know SSL/TLS certificate creates a secure, encrypted connection between the website and visitors. Let’s how does TLS/SSL work:

• The user opens up the browser to connect to a website.
• The server dispatches a copy of the website’s SSL/TLS certificate to the user’s web browser.
• The visitor’s browser validates the certificate to confirm if it is valid and has not expired.
• If the certificate is fair, the browser encrypts a spontaneous session key using the SSL/TLS certificate’s public key.
• Then, the browser sends the encrypted session key to the website’s server.
• The session key is decrypted by the server using its private key.
• The server and the user’s browser use the session key to encrypt and decrypt all data traded during the exchange, including sensitive details like login credentials, credit card numbers, and other private information.
• The session key is discarded at the end, and a new one will be generated the next time a visitor connects to that website.

Conclusion on How to Check TLS/SSL Certificate Expiration Date

With this, we hope you understand how to check your website’s expiration date for the TLS/SSL certificate. As of now, people are more and more aware of online threats; thus, it is essential to keep your website certificate in check.

Today, hundreds of thousands of websites utilize HTTPS services to safeguard their content from unauthorized access by other users and hackers. In any sort of discrepancy or a mishap from these hackers, TLS/SSL provides an additional protection layer.