remote check of server cert expiration date

Scripts to manage certificates or generate config files

Moderators: TinCanTech

jehanproc
OpenVpn Newbie
Posts: 1
Joined: Mon Mar 13, 2023 11:41 am

remote check of server cert expiration date

Post by jehanproc » Mon Mar 13, 2023 11:47 am

Hello,

I want to check from a remote management server the expiration date of the server's TLS cert.
For many services (Apache, for example) I use
openssl s_client -showcerts -connect server.domain.fr:443

Although my OpenVPN server does run on port 443, adding a pipe to the above command ( | openssl x509 -dates -noout ) doesn't show me the expected notAfter date :-(

Code:

write:errno=0
unable to load certificate
140494133994816:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE

Without the openssl pipe, I do get

Code:

CONNECTED(00000003)
write:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 310 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

But the expiration date doesn't show. How can I get that expiration date?

Thanks.

rondeaut
OpenVpn Newbie
Posts: 7
Joined: Wed Jul 19, 2023 1:54 am

Re: remote check of server cert expiration date

Post by rondeaut » Wed Jul 19, 2023 3:11 am

This may be unhelpful, but when we perform this check we ssh into the server and check the expiry date directly on the cert. I wasn't able to figure out how to do it directly like you are trying to do.

rondeaut
OpenVpn Newbie
Posts: 7
Joined: Wed Jul 19, 2023 1:54 am

Re: remote check of server cert expiration date

Post by rondeaut » Wed Jul 19, 2023 6:03 am

Note that you can get the CA expiry date from the CA certs that are distributed to the clients, so if you have access to those then that is another way of getting the information.
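
The check rondeaut describes, as an added example that is not part of the original thread: a POSIX shell function that reads the `notAfter` date from a PEM file, or from the inline `<ca>` block of a client `.ovpn` profile, and flags a certificate that expires within a threshold. The function names and the file names in the usage comment are assumptions, and the script needs the `openssl` CLI.

```sh
#!/bin/sh
# Added example (not from the thread). Requires the openssl CLI.

# extract_ca_pem FILE: print the first PEM certificate in FILE. For a .ovpn
# profile only the inline <ca>...</ca> block is searched, so an inline
# client <cert> block is never mistaken for the CA.
extract_ca_pem() {
    if grep -q '^<ca>' "$1" 2>/dev/null; then
        sed -n '/^<ca>/,/^<\/ca>/p' "$1"
    else
        cat "$1" 2>/dev/null
    fi | awk '/-----BEGIN CERTIFICATE-----/ { p = 1 }
              p { print }
              /-----END CERTIFICATE-----/ { if (p) exit }'
}

# check_cert_expiry FILE [DAYS]   (DAYS defaults to 30)
# Returns 0 if the certificate stays valid for more than DAYS days,
#         1 if it has expired or expires within DAYS days,
#         2 if FILE holds no parsable certificate.
check_cert_expiry() {
    file=$1
    days=${2:-30}
    pem=$(extract_ca_pem "$file")
    if [ -z "$pem" ]; then
        echo "$file: no PEM certificate found" >&2
        return 2
    fi
    # -enddate prints "notAfter=<date>"; a parse failure means a damaged PEM.
    end=$(printf '%s\n' "$pem" | openssl x509 -noout -enddate 2>/dev/null) || return 2
    # -checkend N exits non-zero when the cert expires within N seconds.
    if printf '%s\n' "$pem" | openssl x509 -noout -checkend $((days * 86400)) >/dev/null; then
        echo "OK   $file $end (more than $days days left)"
        return 0
    fi
    echo "WARN $file $end (expires within $days days)"
    return 1
}

# Usage (file names are placeholders):
#   ./check_expiry.sh client.ovpn 30
#   ./check_expiry.sh ca.crt 60
if [ "$#" -gt 0 ]; then
    check_cert_expiry "$@"
fi
```

The exit status makes it usable from cron or a monitoring agent; pointed at the server's own certificate file over SSH, the same function covers the first approach mentioned above.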
