linux 证书有效期查看

查看证书在哪里

利用工具curl

curl https://some/website/page -v

可以看到远端服务器证书信息和本地证书路径
示例

curl https://mirrors.sjtug.sjtu.edu.cn/git/crates.io-index  -v
* About to connect() to mirrors.sjtug.sjtu.edu.cn port 443 (#0)
*   Trying 202.120.58.155...
* Connected to mirrors.sjtug.sjtu.edu.cn (202.120.58.155) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* Server certificate:
*       subject: CN=mirrors.sjtug.sjtu.edu.cn
*       start date: Aug 15 20:15:09 2021 GMT
*       expire date: Nov 13 20:15:07 2021 GMT
*       common name: mirrors.sjtug.sjtu.edu.cn
*       issuer: CN=R3,O=Let's Encrypt,C=US

直接chrome 打开网站，查看证书

查看本地证书有效日期

openssl x509 -in ${cer-path} -noout -dates

openssl 参数

• x509 : Run certificate display and signing utility.
• -noout : Prevents output of the encoded version of the certificate.
• -dates : Prints out the start and expiry dates of a TLS or SSL certificate.
  结果示例

notBefore=May 25 16:09:40 1999 GMT
notAfter=May 25 16:39:40 2019 GMT

查过期日期

openssl x509 -in {cer-path} -enddate -noout

notAfter=May 25 16:39:40 2019 GMT

查多少天后是否过期

7天(7243600=604800秒)后是否过期

openssl x509 -enddate -noout -in {cer-path} -checkend 604800

---

ref:

• https://www.cyberciti.biz/faq/find-check-tls-ssl-certificate-expiry-date-from-linux-unix