语法如下
site=www.youqiantu.com echo | openssl s_client -servername $site -connect $site:443 2>/dev/null | openssl x509 -noout -dates
添加很多域名的 check
#!/bin/bash
domains='
sentry.google.com
console.google.com
www.google.com
m.google.com
api.google.com
'
for domain in $domains
do
check_result=$(echo | openssl s_client -servername $domain -connect $domain:443 2>/dev/null | openssl x509 -noout -dates | grep After)
echo "$domain\t $check_result" | awk -F"\t" '{sub(/^ /,"",$2);printf "%-40s%s\n",$1,$2}'
done
对于自己签发的证书
openssl x509 -enddate -noout -in apiserver.pem notAfter=Mar 5 13:23:40 2018 GMT
或者通过第三方工具检查
https://www.ssllabs.com/ssltest/analyze.html
https://whatsmychaincert.com/?jpuyy.com
证书信息 certificate/intermediate/root ca
openssl x509 -in example.com.crt -text -noout
key 信息
openssl rsa -in example.com.key -check
检查 p12 证书过期时间
https://stackoverflow.com/questions/28373771/how-to-determine-ssl-cert-expire-date-from-the-cert-file-itself-p12/28374749
You can use openssl to extract the certificate from the .p12 file to a .pem file using the following command: openssl pkcs12 -in certificate.p12 -out certificate.pem -nodes Then, you can extract the expiration date from the certificate in the .pem file using the following command: cat certificate.pem | openssl x509 -noout -enddate
Leave a Reply