Think before you speak, read before you think.

openssl shell 检验 ssl 证书过期时间

语法如下

site=www.youqiantu.com
echo | openssl s_client -servername $site -connect $site:443 2>/dev/null | openssl x509 -noout -dates

添加很多域名的 check

#!/bin/bash

domains='
sentry.google.com
console.google.com
www.google.com
m.google.com
api.google.com
'

for domain in $domains
do
  check_result=$(echo | openssl s_client -servername $domain -connect $domain:443 2>/dev/null | openssl x509 -noout -dates | grep After)
  echo "$domain\t $check_result" | awk -F"\t" '{sub(/^ /,"",$2);printf "%-40s%s\n",$1,$2}'
done

对于自己签发的证书

openssl x509 -enddate -noout -in apiserver.pem 
notAfter=Mar  5 13:23:40 2018 GMT

或者通过第三方工具检查
https://www.ssllabs.com/ssltest/analyze.html
https://whatsmychaincert.com/?jpuyy.com

证书信息 certificate/intermediate/root ca

openssl x509 -in example.com.crt -text -noout

key 信息

openssl rsa -in example.com.key -check 

检查 p12 证书过期时间
https://stackoverflow.com/questions/28373771/how-to-determine-ssl-cert-expire-date-from-the-cert-file-itself-p12/28374749

You can use openssl to extract the certificate from the .p12 file to a .pem file using the following command:

openssl pkcs12 -in certificate.p12 -out certificate.pem -nodes
Then, you can extract the expiration date from the certificate in the .pem file using the following command:

cat certificate.pem | openssl x509 -noout -enddate

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *