SSL certificates, called as digital certificates or X.509 certificates, are used to verify the authenticity of the web server by the browser i.e., is this the server host whom they claim to be(am i connecting to the correct web server). The SSL certificates are authenticated by third party Certificate Authorities.
To view the expiry date of an ssl certificate on a domain, say for example www.facebook.com
$ openssl s_client -connect www.facebook.com:443 | openssl x509 -text | grep -i "Not"
depth=2 C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary Certification Authority
verify return:1
depth=1 O = VeriSign Trust Network, OU = "VeriSign, Inc.", OU = VeriSign International Server CA - Class 3, OU = www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
verify return:1
depth=0 C = US, ST = California, L = Palo Alto, O = "Facebook, Inc.", CN = *.facebook.com
verify return:1
Not Before: Jun 21 00:00:00 2012 GMT
Not After : Dec 31 23:59:59 2013 GMT
To view the expiry date of an ssl certificate(<server>.crt) in the web server where it is stored
The path of the <server>.crt file shall be available in the directive "SSLCertificateFile" in the httpd.conf file
# openssl x509 -noout -in <server>.crt -dates
Eg : openssl x509 -noout -in /etc/httpd/conf/server.crt -dates
notBefore=Sep 18 15:40:02 2012 GMT
notAfter=Sep 18 15:40:02 2013 GMT
No comments:
Post a Comment