All digital certificates contain an expiration date, which most client
and server applications check before using the certificate's
contents. ssl-cert-check is provided free of charge.
$ ssl-cert-check -h
Usage: ssl-cert-check [ -e email ] [ -x expir_days ] [ -q ] [ -a ] [ -h ] [-i]
{[ -s common_name ] && [ -p port]} || {-f cert_file} || {-c certificate file}
-a : Send a warning message through email
-c cert file : Print the expiration date for a PEM formatted
certificate passed as an option
-e email address : Email address to send expiration notices
-f cert file : File with a list of FQDNs and ports
-h : Print this screen
-i : Print the issuer of the certificate
-p port : Port to connect to (interactive mode)
-s commmon name : Server to connect to (interactive mode)
-q : Don't print anything on the console
-x days : Certificate expiration interval (eg. if cert_date < days)
1. To view the date when a certificate stored in the file cacert.pem will
expire, ssl-cert-check can be executed with the “-c” (certificate file
to process) option and the certificate to process:
$ ssl-cert-check -c /etc/ca/cacert.pem
Host Status Expires Days Left
----------------------------------------------- ------------ ------------ ----------
FILE:/etc/ca/cacert.pem Valid Jan 2 2008 807
2. To check when the certificate used by the prefetch.net web server will
expire, the server name or IP address and a port number can be passed to
ssl-cert-check's "-s" (server name) and "-p" (tcp port) options:
$ ssl-cert-check -s mail.prefetch.net -p 443
Host Status Expires Days Left
----------------------------------------------- ------------ ------------ ----------
prefetch.net:443 Valid Jun 20 2006 246
3. If you manage dozens of SSL-enabled servers, you can place the server
names and port numbers in a file, and run ssl-cert-check against that
file:
$ cat ssldomains
www.prefetch.com 443
mail.prefetch.net 443
mail.google.com 443
www.sun.com 443
www.spotch.com 443
$ ssl-cert-check -f ssldomains
Host Status Expires Days Left
----------------------------------------------- ------------ ------------ ----------
www.prefetch.com:443 Valid May 23 2006 218
mail.prefetch.net:993 Valid Jun 20 2006 246
gmail.google.com:443 Valid Jun 7 2006 233
www.sun.com:443 Valid May 11 2009 1302
www.spotch.com:443 Connection refused Unknown Unknown
4. When ssl-cert-check is executed with the "-i" (print issuer) option,
the issuer is printed along with the certificate expiration date:
$ ssl-cert-check -i -f ssldomains
Host Issuer Status Expires Days Left
----------------------------------- ----------------- -------- ----------- ---------
www.prefetch.com:443 Comodo Limited Valid May 23 2006 218
mail.prefetch.net:993 Equifax Secure In Valid Jun 20 2006 246
gmail.google.com:443 Thawte Consulting Valid Jun 7 2006 233
www.sun.com:443 Sun Microsystems Valid May 11 2009 1302
www.spotch.com:443 Unknown Connection refused Unknown Unknown
5. The expiration interval can be controlled with ssl-cert-check's "-x"
(expiration interval) option, and the e-mail address to send notifications to can be
passed as an argument to the "-e" (e-mail address to send alerts) option.
The following example uses both options to send an e-mail notification if one or
more of the hosts listed in the file ssldomains has a certificate that will
expire within the next 60 days:
$ ssl-cert-check -a -f ssldomains -q -x 60 -e admin@prefetch.net
=================Another Way===========================
1. Get complete available details of an SSL certificate
openssl x509 -text -in ssl.cert
2. Who issued the certificate?
openssl x509 -noout -in ssl.cert -issuer
3. To whom was the certificate issued?
openssl x509 -noout -in ssl.cert -subject
4. To check the expiry date of the SSL certificate
openssl x509 -noout -in ssl.cert -dates
5. To get the SSL cert’s hash value
openssl x509 -noout -in ssl.cert -hash
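6. To get the SSL cert’s MD5 fingerprint (current OpenSSL releases print a SHA-1 fingerprint unless a digest such as -md5 is given)
openssl x509 -noout -in ssl.cert -fingerprint -md5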
To check CSR: openssl req -noout -text -in new.csr
To check key: openssl rsa -noout -text -in new.key
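The threshold test behind the "-x" option, applied to the date that openssl prints, as an added shell example that is not part of ssl-cert-check or the original post. It parses the notAfter value from `openssl x509 -noout -enddate` and classifies the certificate; the function names and the status words Expiring, Expired and Unknown are assumptions of this example, and the date arithmetic is done in awk so it does not depend on GNU date.

```shell
#!/bin/sh
# Added example (not ssl-cert-check's own code); function names are hypothetical.

# days_until ENDDATE NOW_EPOCH
# ENDDATE: text after "notAfter=" from `openssl x509 -noout -enddate`,
# e.g. "Jan  2 12:00:00 2008 GMT". Prints whole days left, negative once expired.
days_until() {
    echo "$1" | awk -v now="$2" '{
        i = index("JanFebMarAprMayJunJulAugSepOctNovDec", $1)
        if (NF < 4 || length($1) != 3 || i % 3 != 1) exit 1   # not a cert date
        m = (i + 2) / 3; d = $2; split($3, t, ":"); y = $4
        # Days since 1970-01-01: treat Jan/Feb as months 13/14 of the previous
        # year so the leap day falls at the end of the counted year.
        if (m <= 2) { y--; m += 12 }
        days = 365*y + int(y/4) - int(y/100) + int(y/400) - 719469
        days += int((153*(m-3) + 2)/5) + d
        diff = days*86400 + t[1]*3600 + t[2]*60 + t[3] - now
        # Floor, not truncate, so a cert that expired an hour ago gives -1.
        n = int(diff/86400); if (diff < 0 && n*86400 != diff) n--
        print n
    }'
}

# cert_status ENDDATE THRESHOLD_DAYS NOW_EPOCH
# Same comparison the usage text gives for -x: warn when days left < threshold.
cert_status() {
    left=$(days_until "$1" "$3") || { echo "Unknown"; return 2; }
    if [ "$left" -lt 0 ]; then echo "Expired"
    elif [ "$left" -lt "$2" ]; then echo "Expiring"
    else echo "Valid"
    fi
}

# check_pem FILE THRESHOLD_DAYS: status of a PEM certificate file as of now.
check_pem() {
    end=$(openssl x509 -noout -enddate -in "$1") || return 2
    now=$(date +%s)
    echo "FILE:$1 $(cert_status "${end#notAfter=}" "$2" "$now")"
}

# Stand-alone use: ./script cert.pem [threshold_days]
if [ $# -ge 1 ]; then check_pem "$1" "${2:-60}"; fi
```

Passing the current time as an argument keeps the classification testable against fixed dates; only check_pem reads the clock and calls openssl.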