How to retrieve the SSL cert expiration date from a PEM encoded certificate?
We use the following command to get the ending date of PEM encoded certificates that are generated using certbot
and Let's Encrypt
:
1 | openssl x509 -enddate -noout - in fullchain.pem; |
To get a list of all certificates and their expiration dates, we issue the following find
command that executes the above snippet on each result while printing the name of the file first.
1 | find ~ /certificates/ -name "fullchain.pem" -print - exec openssl x509 -enddate -noout - in '{}' \; |
In this example, the certificates are in our home folder under the name ‘certificates’. The results will look like the following sample:
/home/tux/certificates/example.com/fullchain.pem notAfter=Aug 22 10:12:55 2021 GMT /home/tux/certificates/site2.example.com/fullchain.pem notAfter=Nov 22 03:22:44 2021 GMT