Monday, 18 May 2015

Check SSL Certificate Expiration Date from the terminal/putty

Generally user want to check SSL certificate expiry date on the server and don't have an idea that.... is there any way to check this via putty, with the help of some commands. The answer is yes!
Explaining below few useful commands which would be very helpful in case you want to check SSL related on your server.
This is also useful when you have server in cluster. Lets take example of 4 weblogic application/web server and they are in cluster so that another can provide resilience in case one goes down.

Now if you have 4 different server obviously you should be having separate SSL certificate installed in each box. Below command can be used to check the SSL

Check when an SSL certificate expires from the Linux command line :
echo | openssl s_client -connect site:port 2>/dev/null | openssl x509 -noout -dates

Let's check when the SSL certificate of flipkart.com expires :

echo | openssl s_client -connect flipkart.com:443 2>/dev/null | openssl x509 -noout -dates
notBefore=Mar 30 15:45:41 2015 GMT
notAfter=Apr  5 04:55:40 2017 GMT

You can also extract additional information from SSL

MD5 fingerprint


Command:- 
echo | openssl s_client -connect flipkart.com:443 2>/dev/null | openssl x509 -noout -fingerprint
Result:-
SHA1 Fingerprint=9B:87:8F:F9:87:F1:74:40:68:19:3D:A9:CD:69:C1:57:33:B7:5F:03

Hash value

Command:- 
echo | openssl s_client -connect flipkart.com:443 2>/dev/null | openssl x509 -noout -hash

Result:-
139b0a9c

For what dates is the certificate valid?

Command:-
echo | openssl s_client -connect flipkart.com:443 2>/dev/null | openssl x509 -noout -dates

Result:-
notBefore=Mar 30 15:45:41 2015 GMT
notAfter=Apr  5 04:55:40 2017 GMT

Below is much more defined

Command:-
echo | openssl s_client -connect flipkart.com:443 2>/dev/null | openssl x509 -noout -issuer -subject -dates

Result:-
issuer= /C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2014 Entrust, Inc. - for authorized use only/CN=Entrust Certification Authority - L1M
subject= /C=IN/ST=Karnataka/L=Bangalore/1.3.6.1.4.1.311.60.2.1.3=IN/O=Flipkart Internet Private Limited/businessCategory=Private Organization/OU=Tech/serialNumber=066107/CN=www.flipkart.com
notBefore=Mar 30 15:45:41 2015 GMT
notAfter=Apr  5 04:55:40 2017 GMT
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)