How to Determine Ssl Cert Expiration Date From a Pem Encoded Certificate?

To determine the SSL certificate expiration date from a PEM-encoded certificate, you can use the openssl command-line tool. Here's how to do it:

Step 1: View the Certificate Information

Use the openssl x509 command to display the details of the certificate, including the expiration date.

openssl x509 -in your_certificate.pem -noout -dates

• in your_certificate.pem: Specifies the input PEM file containing the certificate.
• noout: Prevents openssl from outputting the entire certificate.
• dates: Outputs the certificate's start (notBefore) and end (notAfter) dates.

Example

If your PEM-encoded certificate is named certificate.pem, the command would be:

openssl x509 -in certificate.pem -noout -dates

Expected Output

The command will output something like:

notBefore=Mar 20 12:00:00 2023 GMT
notAfter=Mar 20 12:00:00 2024 GMT

• notBefore: The date and time when the certificate becomes valid.
• notAfter: The date and time when the certificate expires.

Step 2: Interpret the Dates

• The notAfter date tells you when the certificate will expire.
• Ensure that your system time is correctly set to avoid misinterpretation of the expiration date.

Summary

By using the openssl x509 -in your_certificate.pem -noout -dates command, you can easily find the expiration date of your SSL certificate from a PEM-encoded certificate file.

Got an article suggestion? Let us know

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.