How to check the expiration date of a TLS / SSL certificate on Ubuntu

s2 0

The purpose of using TLS / SSL certificates on web servers is to encrypt the connection between the web browser and the server. However, these certificates are not valid for life, but also have a limited expiry date after which the web browser displays an error message when connecting to the website. Today I’m going to show you how to check the TLS / SSL certificate expiration date of a website’s SSL certificate using OpenSSL on Ubuntu 20.04.

Checking the expiration date of the TLS / SSL certificate on Ubuntu

To check the TLS / SSL certificate expiration date of an SSL certificate on the Linux shell, do the following:

Step 1: Check if OpenSSL is installed on your system or not:

First of all, you need to make sure that OpenSSL is installed on your system. Most of the latest Linux distributions have OpenSSL installed by default, but we have yet to confirm. If it doesn’t exist, we’ll need to install it before we can proceed. The existence of OpenSSL on our Ubuntu system can be verified by checking the version with the command shown below:

$ openssl version

As you can see in the image below, this means that OpenSSL is installed on our Ubuntu system, so we’re good to go.

OpenSSL version

Step # 2: Define and Export the URL Variable:

Now we need to define and export a URL variable that corresponds to the URL of the website whose certificate expiration date we want to check. Whenever we want to check the expiration date of a new website’s TLS / SSL certificate, we need to define and export the respective URL variable as shown below:

$ export SITE_URL= "WebsiteURL"

Set the website url

You can replace WebsiteURL with the URL of the website whose TLS / SSL certificate expiration date you want to check out. We used bing.com here. This command does not produce any output, as shown in the following figure:

Website URL to check

Step # 3: Define and Export the Port Variable:

After that we have to define and export a port variable. Since we all know that TLS / SSL always uses port number 443, this variable will stay the same no matter which website URL you used in the previous step. To define and export the port variable, we run the command shown below:

$ export SITE_SSL_PORT="443"

SSL portadvertising

This command also produces no output, as shown in the following figure:

Use port 443

Step 4: Check the TLS / SSL Certificate Expiration Date:

Finally, we can check the expiration date of the TLS / SSL certificate of our desired website by running the command shown below:

$ openssl s_client -connect ${SITE_URL}:${SITE_SSL_PORT} -servername ${SITE_URL} 2> /dev/null | openssl x509 -noout -dates

Check SSL certificate

After you run this command, you will see two different dates in the output. The date highlighted in the image below is the TLS / SSL certificate expiration date for the specified website.

SSL certificate valid until

Diploma:

This way, you can easily find out the expiration date of any website’s TLS / SSL certificate using OpenSSL. Once you have OpenSSL installed on your system, it is safe to go through this procedure and it will work as smoothly as we showed you in this article.

How to check the expiration date of a TLS / SSL certificate on Ubuntu
Tags: