How to Check a TLS/SSL Certificate Expiration Date on Ubuntu

SSL Expiration date

The purpose of using TLS/SSL certificates on web servers is to encrypt the connection between the web browser and server. However, these certificates are not valid for a whole life rather they also have a finite expiration date after which the web browser will show an error message when connecting to the website. Today, I will show you how you can check the TLS/SSL certificate expiration date of an SSL certificate of a website using OpenSSL on Ubuntu 20.04.

Checking the TLS/SSL Certificate Expiration Date on Ubuntu

To check the TLS/SSL certificate expiration date of an SSL certificate on the Linux shell, follow these steps:

Step # 1: Check if OpenSSL is Installed on your System or not:

First of all, you must ensure that OpenSSL is installed on your system. On most of the latest Linux distributions, OpenSSL is installed by default but we still need to confirm it. If it is not there, then we will have to install it before proceeding further. The existence of OpenSSL on our Ubuntu system can be verified by checking its version with the command shown below:

$ openssl version

Check OpenSSL version

As you can see the OpenSSL version in the following image, means that OpenSSL is installed on our Ubuntu system so, we are good to go.

OpenSSL version

Step # 2: Define and Export the URL Variable:

Now, we need to define and export a URL variable that will correspond to the URL of the website whose certificate expiration date we want to check. Whenever we want to check the TLS/SSL certificate expiration date of a new website, we will have to define and export its particular URL variable in the manner shown below:

$ export SITE_URL= "WebsiteURL"

Set website URL

You can replace WebsiteURL with the URL of the website whose TLS/SSL certificate expiration date you want to check out. We have used google.com over here. This command will not produce any output as shown in the following image:

Web site URL to check

Step # 3: Define and Export the Port Variable:

After that, we need to define and export a Port variable. Now, since we all know that TLS/SSL always uses port number 443 to work that is why this variable will remain the same no matter which website URL you have used in the previous step. To define and export the port variable, we will execute the command shown below:

$ export SITE_SSL_PORT="443"

SSL Port

Again, this command will not produce any output as shown in the following image:

Use Port 443

Step # 4: Check the TLS/SSL Certificate Expiration Date:

Finally, we can check the TLS/SSL certificate expiration date of our desired website by executing the command shown below:

$ openssl s_client -connect ${SITE_URL}:${SITE_SSL_PORT} -servername ${SITE_URL} 2> /dev/null | openssl x509 -noout -dates

Check SSL cert

After executing this command, you will be presented with two different dates in the output. The date highlighted in the following image is the TLS/SSL certificate expiration date for the specified website.

SSL cert valid until

Conclusion:

This is how you can easily find the TLS/SSL certificate expiration date of any website out there, by making use of OpenSSL. Once you have OpenSSL installed on your system, you can perform this procedure without any worries and it works as smoothly as we have shown you in this article.