The purpose of using TLS/SSL certificates on web servers is to encrypt the connection between the web browser and server. However, these certificates are not valid for a whole life rather they also have a finite expiration date after which the web browser will show an error message when connecting to the website. Today, I will show you how you can check the TLS/SSL certificate expiration date of an SSL certificate of a website using OpenSSL on Ubuntu 20.04.
Checking the TLS/SSL Certificate Expiration Date on Ubuntu
To check the TLS/SSL certificate expiration date of an SSL certificate on the Linux shell, follow these steps:
Step #1: Check if OpenSSL is Installed on your System or no:
First of all, you must ensure that OpenSSL is installed on your system. On most of the latest Linux distributions, OpenSSL is installed by default but we still need to confirm it. If it is not there, then we will have to install it before proceeding further. The existence of OpenSSL on our Ubuntu system can be verified by checking its version with the command shown below:
$ openssl version
As you can see the OpenSSL version in the following image, means that OpenSSL is installed on our Ubuntu system so, we are good to go.
Step # 2: Define and Export the URL Variable:
Now, we need to define and export a URL variable that will correspond to the URL of the website whose certificate expiration date we want to check. Whenever we want to check the TLS/SSL certificate expiration date of a new website, we will have to define and export its particular URL variable in the manner shown below:
$ export SITE_URL= "WebsiteURL"
You can replace the website URL with the URL of the website whose TLS/SSL certificate expiration date you want to check out. We have used google.com over here. This command will not produce any output as shown in the following image:
Step #3: Define and Export the Port Variable:
After that, we need to define and export a Port variable. Now, since we all know that TLS/SSL always uses port number 443 to work that is why this variable will remain the same no matter which website URL you have used in the previous step. To define and export the port variable, we will execute the command shown below:
$ export SITE_SSL_PORT="443"
Again, this command will not produce any output as shown in the following image:
Step #4: Check the TLS/SSL Certificate Expiration Date:
Finally, we can check the TLS/SSL certificate expiration date of our desired website by executing the command shown below:
$ openssl s_client -connect ${SITE_URL}:${SITE_SSL_PORT} -servername ${SITE_URL} 2> /dev/null | openssl x509 -noout -dates
After executing this command, you will be presented with two different dates in the output. The date highlighted in the following image is the TLS/SSL certificate expiration date for the specified website.