Check when an SSL certificate expires:
echo | openssl s_client -connect site:port 2>/dev/null | openssl x509 -noout -dates
We'll check this and the next example using google.com :
$ echo | openssl s_client -connect google.com:443 2>/dev/null | openssl x509 -noout -dates
notBefore=Oct 22 12:35:32 2014 GMT
notAfter=Jan 20 00:00:00 2015 GMT
###Extract Additional Information from an SSL Certificate
issuer (Who issued the certificate?), validity dates (For what dates is the certificate valid?), subject (To whom was the certificate issued?), the hash value, the MD5 fingerprint and other details.
####Who issued the certificate?
$ echo | openssl s_client -connect google.com:443 2>/dev/null | openssl x509 -noout -issuer
issuer= /C=US/O=Google Inc/CN=Google Internet Authority G2
####To whom was the certificate issued?
$ echo | openssl s_client -connect google.com:443 2>/dev/null | openssl x509 -noout -subject
subject= /C=US/ST=California/L=Mountain View/O=Google Inc/CN=google.com
####For what dates is the certificate valid?
$ echo | openssl s_client -connect google.com:443 2>/dev/null | openssl x509 -noout -dates
notBefore=Oct 15 10:41:32 2014 GMT
notAfter=Jan 13 00:00:00 2015 GMT
####The above, all at once :
$ echo | openssl s_client -connect google.com:443 2>/dev/null | openssl x509 -noout -issuer -subject -dates
issuer= /C=US/O=Google Inc/CN=Google Internet Authority G2
subject= /C=US/ST=California/L=Mountain View/O=Google Inc/CN=google.com
notBefore=Oct 22 12:35:32 2014 GMT
notAfter=Jan 20 00:00:00 2015 GMT
####What is its hash value?
$ echo | openssl s_client -connect google.com:443 2>/dev/null | openssl x509 -noout -hash
443aed36
####What is its MD5 fingerprint?
$ echo | openssl s_client -connect google.com:443 2>/dev/null | openssl x509 -noout -fingerprint
SHA1 Fingerprint=FD:E7:F4:E3:C7:64:F2:20:5F:84:AB:07:A0:85:84:6A:CB:82:D2:F5
####Extract all information from an SSL certificate :
$ echo | openssl s_client -connect google.com:443 2>/dev/null | openssl x509 -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4766406294636930811 (0x4225ad457f0526fb)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2
Validity
Not Before: Oct 22 12:35:32 2014 GMT
Not After : Jan 20 00:00:00 2015 GMT
Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=google.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:ad:7a:6c:78:b7:f9:6d:22:26:27:5c:a6:b9:25:
a1:4c:48:5c:84:4d:08:9d:ce:b5:2f:b6:f3:fc:68:
09:25:18:16:93:12:fe:18:79:5f:f6:56:0c:11:7a:
7a:36:6d:ef:c0:71:5d:2a:b4:0c:ba:d1:e6:f2:3c:
da:57:56:c7:87:9f:36:30:fd:33:10:af:a1:fe:18:
a8:7c:91:fb:a5:68:b7:01:9f:5b:8a:d3:1b:e5:45:
37:4b:01:5d:8d:57:c5:2a:b6:49:d3:a7:02:aa:a1:
f5:30:3a:d2:98:af:c0:94:9e:25:08:5e:91:51:b0:
e6:56:14:db:c0:98:30:36:5d:b1:45:38:7a:13:73:
69:8a:33:4f:55:25:69:cc:ca:c0:e0:24:92:06:8d:
dd:c2:5c:e3:24:50:4d:db:75:62:3a:f5:64:cc:4a:
48:81:3a:c8:d9:76:93:d3:cc:c9:d0:3b:67:79:a5:
fc:9e:83:42:23:ad:2f:8a:76:3c:c0:b3:da:9d:c5:
36:9f:68:81:53:d9:0d:8a:e2:91:cb:55:16:59:c4:
55:4d:81:e2:c1:98:f8:a8:86:78:f2:49:7d:fe:45:
bf:3e:72:fc:c6:35:7a:0e:49:02:12:3c:af:f8:2d:
84:ea:af:25:cb:b7:41:0e:bb:e1:3b:f7:b5:a8:10:
e6:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Subject Alternative Name:
DNS:google.com, DNS:*.2mdn.net, DNS:*.android.com, DNS:*.appengine.google.com, DNS:*.au.doubleclick.net, DNS:*.cc-dt.com, DNS:*.cloud.google.com, DNS:*.de.doubleclick.net, DNS:*.doubleclick.com, DNS:*.doubleclick.net, DNS:*.fls.doubleclick.net, DNS:*.fr.doubleclick.net, DNS:*.google-analytics.com, DNS:*.google.ac, DNS:*.google.ad, DNS:*.google.ae, DNS:*.google.af, DNS:*.google.ag, DNS:*.google.al, DNS:*.google.am, DNS:*.google.as, DNS:*.google.at, DNS:*.google.az, DNS:*.google.ba, DNS:*.google.be, DNS:*.google.bf, DNS:*.google.bg, DNS:*.google.bi, DNS:*.google.bj, DNS:*.google.bs, DNS:*.google.bt, DNS:*.google.by, DNS:*.google.ca, DNS:*.google.cat, DNS:*.google.cc, DNS:*.google.cd, DNS:*.google.cf, DNS:*.google.cg, DNS:*.google.ch, DNS:*.google.ci, DNS:*.google.cl, DNS:*.google.cm, DNS:*.google.cn, DNS:*.google.co.ao, DNS:*.google.co.bw, DNS:*.google.co.ck, DNS:*.google.co.cr, DNS:*.google.co.hu, DNS:*.google.co.id, DNS:*.google.co.il, DNS:*.google.co.im, DNS:*.google.co.in, DNS:*.google.co.je, DNS:*.google.co.jp, DNS:*.google.co.ke, DNS:*.google.co.kr, DNS:*.google.co.ls, DNS:*.google.co.ma, DNS:*.google.co.mz, DNS:*.google.co.nz, DNS:*.google.co.th, DNS:*.google.co.tz, DNS:*.google.co.ug, DNS:*.google.co.uk, DNS:*.google.co.uz, DNS:*.google.co.ve, DNS:*.google.co.vi, DNS:*.google.co.za, DNS:*.google.co.zm, DNS:*.google.co.zw, DNS:*.google.com, DNS:*.google.com.af, DNS:*.google.com.ag, DNS:*.google.com.ai, DNS:*.google.com.ar, DNS:*.google.com.au, DNS:*.google.com.bd, DNS:*.google.com.bh, DNS:*.google.com.bn, DNS:*.google.com.bo, DNS:*.google.com.br, DNS:*.google.com.by, DNS:*.google.com.bz, DNS:*.google.com.cn, DNS:*.google.com.co, DNS:*.google.com.cu, DNS:*.google.com.cy, DNS:*.google.com.do, DNS:*.google.com.ec, DNS:*.google.com.eg, DNS:*.google.com.et, DNS:*.google.com.fj, DNS:*.google.com.ge, DNS:*.google.com.gh, DNS:*.google.com.gi, DNS:*.google.com.gr, DNS:*.google.com.gt, DNS:*.google.com.hk, DNS:*.google.com.iq, DNS:*.google.com.jm, DNS:*.google.com.jo, DNS:*.google.com.kh, DNS:*.google.com.kw, DNS:*.google.com.lb, DNS:*.google.com.ly, DNS:*.google.com.mm, DNS:*.google.com.mt, DNS:*.google.com.mx, DNS:*.google.com.my, DNS:*.google.com.na, DNS:*.google.com.nf, DNS:*.google.com.ng, DNS:*.google.com.ni, DNS:*.google.com.np, DNS:*.google.com.nr, DNS:*.google.com.om, DNS:*.google.com.pa, DNS:*.google.com.pe, DNS:*.google.com.pg, DNS:*.google.com.ph, DNS:*.google.com.pk, DNS:*.google.com.pl, DNS:*.google.com.pr, DNS:*.google.com.py, DNS:*.google.com.qa, DNS:*.google.com.ru, DNS:*.google.com.sa, DNS:*.google.com.sb, DNS:*.google.com.sg, DNS:*.google.com.sl, DNS:*.google.com.sv, DNS:*.google.com.tj, DNS:*.google.com.tn, DNS:*.google.com.tr, DNS:*.google.com.tw, DNS:*.google.com.ua, DNS:*.google.com.uy, DNS:*.google.com.vc, DNS:*.google.com.ve, DNS:*.google.com.vn, DNS:*.google.cv, DNS:*.google.cz, DNS:*.google.de, DNS:*.google.dj, DNS:*.google.dk, DNS:*.google.dm, DNS:*.google.dz, DNS:*.google.ee, DNS:*.google.es, DNS:*.google.fi, DNS:*.google.fm, DNS:*.google.fr, DNS:*.google.ga, DNS:*.google.ge, DNS:*.google.gg, DNS:*.google.gl, DNS:*.google.gm, DNS:*.google.gp, DNS:*.google.gr, DNS:*.google.gy, DNS:*.google.hk, DNS:*.google.hn, DNS:*.google.hr, DNS:*.google.ht, DNS:*.google.hu, DNS:*.google.ie, DNS:*.google.im, DNS:*.google.info, DNS:*.google.iq, DNS:*.google.ir, DNS:*.google.is, DNS:*.google.it, DNS:*.google.it.ao, DNS:*.google.je, DNS:*.google.jo, DNS:*.google.jobs, DNS:*.google.jp, DNS:*.google.kg, DNS:*.google.ki, DNS:*.google.kz, DNS:*.google.la, DNS:*.google.li, DNS:*.google.lk, DNS:*.google.lt, DNS:*.google.lu, DNS:*.google.lv, DNS:*.google.md, DNS:*.google.me, DNS:*.google.mg, DNS:*.google.mk, DNS:*.google.ml, DNS:*.google.mn, DNS:*.google.ms, DNS:*.google.mu, DNS:*.google.mv, DNS:*.google.mw, DNS:*.google.ne, DNS:*.google.ne.jp, DNS:*.google.net, DNS:*.google.ng, DNS:*.google.nl, DNS:*.google.no, DNS:*.google.nr, DNS:*.google.nu, DNS:*.google.off.ai, DNS:*.google.pk, DNS:*.google.pl, DNS:*.google.pn, DNS:*.google.ps, DNS:*.google.pt, DNS:*.google.ro, DNS:*.google.rs, DNS:*.google.ru, DNS:*.google.rw, DNS:*.google.sc, DNS:*.google.se, DNS:*.google.sh, DNS:*.google.si, DNS:*.google.sk, DNS:*.google.sm, DNS:*.google.sn, DNS:*.google.so, DNS:*.google.sr, DNS:*.google.st, DNS:*.google.td, DNS:*.google.tg, DNS:*.google.tk, DNS:*.google.tl, DNS:*.google.tm, DNS:*.google.tn, DNS:*.google.to, DNS:*.google.tt, DNS:*.google.us, DNS:*.google.uz, DNS:*.google.vg, DNS:*.google.vu, DNS:*.google.ws, DNS:*.googleadapis.com, DNS:*.googleapis.cn, DNS:*.googlecommerce.com, DNS:*.googlevideo.com, DNS:*.gstatic.cn, DNS:*.gstatic.com, DNS:*.gvt1.com, DNS:*.gvt2.com, DNS:*.jp.doubleclick.net, DNS:*.metric.gstatic.com, DNS:*.uk.doubleclick.net, DNS:*.urchin.com, DNS:*.url.google.com, DNS:*.youtube-nocookie.com, DNS:*.youtube.com, DNS:*.youtubeeducation.com, DNS:*.ytimg.com, DNS:ad.mo.doubleclick.net, DNS:android.com, DNS:doubleclick.net, DNS:g.co, DNS:goo.gl, DNS:google-analytics.com, DNS:google.ac, DNS:google.ad, DNS:google.ae, DNS:google.af, DNS:google.ag, DNS:google.al, DNS:google.am, DNS:google.as, DNS:google.at, DNS:google.az, DNS:google.ba, DNS:google.be, DNS:google.bf, DNS:google.bg, DNS:google.bi, DNS:google.bj, DNS:google.bs, DNS:google.bt, DNS:google.by, DNS:google.ca, DNS:google.cat, DNS:google.cc, DNS:google.cd, DNS:google.cf, DNS:google.cg, DNS:google.ch, DNS:google.ci, DNS:google.cl, DNS:google.cm, DNS:google.cn, DNS:google.co.ao, DNS:google.co.bw, DNS:google.co.ck, DNS:google.co.cr, DNS:google.co.hu, DNS:google.co.id, DNS:google.co.il, DNS:google.co.im, DNS:google.co.in, DNS:google.co.je, DNS:google.co.jp, DNS:google.co.ke, DNS:google.co.kr, DNS:google.co.ls, DNS:google.co.ma, DNS:google.co.mz, DNS:google.co.nz, DNS:google.co.th, DNS:google.co.tz, DNS:google.co.ug, DNS:google.co.uk, DNS:google.co.uz, DNS:google.co.ve, DNS:google.co.vi, DNS:google.co.za, DNS:google.co.zm, DNS:google.co.zw, DNS:google.com.af, DNS:google.com.ag, DNS:google.com.ai, DNS:google.com.ar, DNS:google.com.au, DNS:google.com.bd, DNS:google.com.bh, DNS:google.com.bn, DNS:google.com.bo, DNS:google.com.br, DNS:google.com.by, DNS:google.com.bz, DNS:google.com.cn, DNS:google.com.co, DNS:google.com.cu, DNS:google.com.cy, DNS:google.com.do, DNS:google.com.ec, DNS:google.com.eg, DNS:google.com.et, DNS:google.com.fj, DNS:google.com.ge, DNS:google.com.gh, DNS:google.com.gi, DNS:google.com.gr, DNS:google.com.gt, DNS:google.com.hk, DNS:google.com.iq, DNS:google.com.jm, DNS:google.com.jo, DNS:google.com.kh, DNS:google.com.kw, DNS:google.com.lb, DNS:google.com.ly, DNS:google.com.mm, DNS:google.com.mt, DNS:google.com.mx, DNS:google.com.my, DNS:google.com.na, DNS:google.com.nf, DNS:google.com.ng, DNS:google.com.ni, DNS:google.com.np, DNS:google.com.nr, DNS:google.com.om, DNS:google.com.pa, DNS:google.com.pe, DNS:google.com.pg, DNS:google.com.ph, DNS:google.com.pk, DNS:google.com.pl, DNS:google.com.pr, DNS:google.com.py, DNS:google.com.qa, DNS:google.com.ru, DNS:google.com.sa, DNS:google.com.sb, DNS:google.com.sg, DNS:google.com.sl, DNS:google.com.sv, DNS:google.com.tj, DNS:google.com.tn, DNS:google.com.tr, DNS:google.com.tw, DNS:google.com.ua, DNS:google.com.uy, DNS:google.com.vc, DNS:google.com.ve, DNS:google.com.vn, DNS:google.cv, DNS:google.cz, DNS:google.de, DNS:google.dj, DNS:google.dk, DNS:google.dm, DNS:google.dz, DNS:google.ee, DNS:google.es, DNS:google.fi, DNS:google.fm, DNS:google.fr, DNS:google.ga, DNS:google.ge, DNS:google.gg, DNS:google.gl, DNS:google.gm, DNS:google.gp, DNS:google.gr, DNS:google.gy, DNS:google.hk, DNS:google.hn, DNS:google.hr, DNS:google.ht, DNS:google.hu, DNS:google.ie, DNS:google.im, DNS:google.info, DNS:google.iq, DNS:google.ir, DNS:google.is, DNS:google.it, DNS:google.it.ao, DNS:google.je, DNS:google.jo, DNS:google.jobs, DNS:google.jp, DNS:google.kg, DNS:google.ki, DNS:google.kz, DNS:google.la, DNS:google.li, DNS:google.lk, DNS:google.lt, DNS:google.lu, DNS:google.lv, DNS:google.md, DNS:google.me, DNS:google.mg, DNS:google.mk, DNS:google.ml, DNS:google.mn, DNS:google.ms, DNS:google.mu, DNS:google.mv, DNS:google.mw, DNS:google.ne, DNS:google.ne.jp, DNS:google.net, DNS:google.ng, DNS:google.nl, DNS:google.no, DNS:google.nr, DNS:google.nu, DNS:google.off.ai, DNS:google.pk, DNS:google.pl, DNS:google.pn, DNS:google.ps, DNS:google.pt, DNS:google.ro, DNS:google.rs, DNS:google.ru, DNS:google.rw, DNS:google.sc, DNS:google.se, DNS:google.sh, DNS:google.si, DNS:google.sk, DNS:google.sm, DNS:google.sn, DNS:google.so, DNS:google.sr, DNS:google.st, DNS:google.td, DNS:google.tg, DNS:google.tk, DNS:google.tl, DNS:google.tm, DNS:google.tn, DNS:google.to, DNS:google.tt, DNS:google.us, DNS:google.uz, DNS:google.vg, DNS:google.vu, DNS:google.ws, DNS:googlecommerce.com, DNS:gstatic.com, DNS:urchin.com, DNS:youtu.be, DNS:youtube.com, DNS:youtubeeducation.com
Authority Information Access:
CA Issuers - URI:http://pki.google.com/GIAG2.crt
OCSP - URI:http://clients1.google.com/ocsp
X509v3 Subject Key Identifier:
FE:EF:B8:22:8E:E4:13:3D:4C:24:27:E5:A5:EB:BD:DB:8F:FE:56:78
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Authority Key Identifier:
keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.11129.2.5.1
X509v3 CRL Distribution Points:
Full Name:
URI:http://pki.google.com/GIAG2.crl
Signature Algorithm: sha1WithRSAEncryption
17:73:7f:bf:fa:47:63:88:7e:e3:1c:42:f5:6b:4f:ad:e6:1b:
8a:42:a0:cc:eb:b1:c6:1b:e4:2c:8a:4d:44:ac:dc:dc:e9:aa:
dd:a0:5c:76:13:e8:d4:c4:4e:ac:b8:67:75:a7:60:97:80:1d:
81:6f:0e:9d:ed:ca:00:37:e7:ba:23:ab:75:d9:ca:22:85:55:
fa:ab:2e:c0:3d:30:7c:90:94:08:be:f9:1a:46:e0:4e:79:c1:
fd:75:66:a1:1b:0f:91:c9:17:a7:84:7b:5f:3b:c6:aa:91:bb:
35:76:7d:e7:2e:12:93:80:06:39:54:3a:fe:c7:48:c5:02:ae:
da:d7:62:67:55:73:bf:0d:b8:3c:f6:e9:ae:99:1c:0c:15:c9:
90:99:18:f2:9e:c8:2b:aa:a3:d2:be:b9:ee:83:f4:a8:37:84:
67:ca:d2:00:bc:bc:fc:1e:f3:49:52:b7:10:c0:a1:2e:13:9e:
52:61:08:e0:b4:00:44:79:80:28:c2:e7:a8:86:19:7e:c6:6c:
ce:3b:3a:72:5d:f2:3e:5d:6d:a9:f3:2f:41:1e:99:fb:21:86:
57:03:35:87:66:29:b7:06:09:a5:30:2e:35:36:dc:fb:89:2e:
b3:34:5f:ac:ed:b9:74:c7:7c:15:49:98:43:3a:ed:4d:4d:d3:
5f:f7:6f:4f