How to determine SSL cert expiration date from a PEM encoded certificate?

Question

If I have the actual file and a Bash shell in Mac or Linux, how can I query the cert file for when it will expire? Not a web site, but actually the certificate file itself,

Answer 1

Here's my bash command line to list multiple certificates in order of their expiration, most recently expiring first.

for pem in /etc/ssl/certs/*.pem; do 
   printf '%s: %s\n' \
      "$(date --date="$(openssl x509 -enddate -noout -in "$pem"|cut -d= -f 2)" --iso-8601)" \
      "$pem"
done | sort

Sample output:

2015-12-16: /etc/ssl/certs/Staat_der_Nederlanden_Root_CA.pem
2016-03-22: /etc/ssl/certs/CA_Disig.pem
2016-08-14: /etc/ssl/certs/EBG_Elektronik_Sertifika_Hizmet_S.pem

Answer 2

With openssl:

openssl x509 -enddate -noout -in file.pem

The output is on the form:

notAfter=Nov  3 22:23:50 2014 GMT

Also see MikeW's answer for how to easily check whether the certificate has expired or not, or whether it will within a certain time period, without having to parse the date above.

Answer 3

I have made a bash script related to the same to check if the certificate is expired or not. You can use the same if required.

Script

https://github.com/zeeshanjamal16/usefulScripts/blob/master/sslCertificateExpireCheck.sh

ReadMe

https://github.com/zeeshanjamal16/usefulScripts/blob/master/README.md