Archive for December 2009

Check expiry date on a ssl certificate

I needed to check the expiry date on a ssl certificate on a RHEL5 server (running a apache webserver).

In this case the location of the certificate was found in the ssl.conf file in the /etc/httpd/conf.d directory. It could very well be different in your setup, so you could grep for the string “SSLCertificateFile” in /etc/httpd/conf*

# grep -r "^SSLCertificateFile" /etc/httpd/conf*

and you should find the path to your certificate file (in my case /etc/pki/tls/certs/server.crt)

# cd /etc/pki/tls/certs (or the path you found above)
# openssl x509 -in server.crt -noout -enddate

Will tell you the expiry date.