India English
Kenya English
United Kingdom English
South Africa English
Nigeria English
United States English
United States Español
Indonesia English
Bangladesh English
Egypt العربية
Tanzania English
Ethiopia English
Uganda English
Congo - Kinshasa English
Ghana English
Côte d’Ivoire English
Zambia English
Cameroon English
Rwanda English
Germany Deutsch
France Français
Spain Català
Spain Español
Italy Italiano
Russia Русский
Japan English
Brazil Português
Brazil Português
Mexico Español
Philippines English
Pakistan English
Turkey Türkçe
Vietnam English
Thailand English
South Korea English
Australia English
China 中文
Somalia English
Canada English
Canada Français
Netherlands Nederlands

How to Check SSL Certificate Expiration Date in Linux

SSL/TLS certificates are the backbone of secure online communication, but they don’t last forever. Knowing how to check SSL certificate expiration dates in Linux is a crucial part of maintaining reliable, trustworthy systems. Let’s dive into the methods you can use.

Why is Checking Expiration Important?

  • Security: Expired certificates are the digital equivalent of an expired ID. Browsers will display warnings, and applications may fail to connect securely, opening the door to exploits.
  • User Trust: Warnings due to expired certificates degrade user confidence in your website or service.
  • Compliance: Many regulations and standards require the use of unexpired certificates.

Techniques for Checking Expiration Dates

1. The OpenSSL Command

OpenSSL is a Swiss Army knife for cryptographic tasks in Linux. Here’s how to extract the expiration date:


openssl x509 -in certificate.pem -text -noout | grep "Not After" 
  • Replace certificate.pem with the path to your certificate file.
  • Look for the “Not After” line in the output, indicating the expiry date and time.

2. Checking Expiration Against a Specific Time

To see if a certificate is valid at a particular moment, use OpenSSL’s -checkend option:


openssl x509 -in certificate.pem -checkend <seconds>
  • <seconds> is the number of seconds since the Unix Epoch (January 1st, 1970). Online converters can help you find this value.

3. Examining Certificates on Remote Servers

You can even check expiration dates for certificates on other servers:


openssl s_client -connect < /dev/null | openssl x509 -noout -dates
  • Replace with the actual hostname.

4. Web-Based SSL Checkers

If you prefer not to use the command line, various online SSL checkers exist. These usually allow you to either:

  • Input the domain name to examine the live certificate on the server, or
  • Upload a certificate file directly.

Essential Notes

  • Automation: For proactive monitoring, consider scripting these checks and setting up alerts for impending expirations.
  • Certificate Chains: If the certificate is part of a chain, you might need to inspect the individual certificates separately.


Knowing how to check SSL certificate expiration dates in Linux is an important skill for maintaining a secure and compliant online presence. OpenSSL provides a powerful and convenient way for achieving this directly from your terminal.

Read also:


Enjoy this blog? Please spread the word :)