Bill Agee's blog

🤔 Reflections on test infrastructure, with a twist of user empathy.

OpenSSL oneliner to print a remote server's cert validity dates

Today I wanted to check the notBefore and notAfter validity dates of an SSL cert installed on a remote server.

I immediately wondered if there was an easy way to use the OpenSSL command line tool to accomplish this.

And there is - you just have to pass the output of openssl s_client to openssl x509, and away you go:

echo |\
  openssl s_client -connect 2>/dev/null |\
  openssl x509 -noout -subject -dates

That command should print the subject, notBefore, and notAfter dates of the certificate used by

subject= /C=US/ST=California/L=Mountain View/O=Google Inc/
notBefore=Jul 12 08:56:36 2013 GMT
notAfter=Oct 31 23:59:59 2013 GMT

I picked up the specifics of how to do this over at the very useful OpenSSL Command-Line HOWTO site. It's worth reading in depth.