openssl 인증서 만료일 조회

openssl 인증서 만료일 조회

sangchul.kr SSL 인증서 만료일 조회

echo | openssl s_client -servername sangchul.kr -connect sangchul.kr:443 2>/dev/null | openssl x509 -noout -dates

$ echo | openssl s_client -servername sangchul.kr -connect sangchul.kr:443 2>/dev/null | openssl x509 -noout -dates
notBefore=Aug 24 16:40:08 2020 GMT
notAfter=Nov 22 16:40:08 2020 GMT

openssl s_client -connect sangchul.kr:443 | openssl x509 -noout -enddate

$ openssl s_client -connect sangchul.kr:443 | openssl x509 -noout -enddate
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = sangchul.kr
verify return:1
notAfter=Nov 22 16:40:08 2020 GMT

sangchul.kr SSL 인증서 확인

openssl s_client -connect sangchul.kr:443 | tee sangchul.kr.txt

$ openssl s_client -connect sangchul.kr:443 | tee sangchul.kr.txt
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = sangchul.kr
verify return:1
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = sangchul.kr
   i:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
 1 s:C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
   i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFUDCCBDigAwIBAgISA7HqKFB2v3f1AqD67hXuOYBcMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
....

echo '' | openssl s_client -connect sangchul.kr:443 | openssl x509 -noout -text

$ echo '' | openssl s_client -connect sangchul.kr:443 | openssl x509 -noout -text
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = sangchul.kr
verify return:1
DONE
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:b1:ea:28:50:76:bf:77:f5:02:a0:fa:ee:15:ee:39:80:5c
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
        Validity
            Not Before: Aug 24 16:40:08 2020 GMT
            Not After : Nov 22 16:40:08 2020 GMT
        Subject: CN = sangchul.kr
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:f2:c0:cf:28:9f:d6:0a:0d:c7:7c:8b:d0:2c:
                    41:97:86:d9:80:d4:71:6a:ee:08:4d:e2:5a:28:d4:
...

인증서 파일(wildcard_sangchul_kr.crt)로 SSL 인증서 만료일 확인

openssl x509 -in wildcard_sangchul_kr.crt -noout -dates

$ openssl x509 -in wildcard_sangchul_kr.crt -noout -dates
notBefore=Sep 30 00:00:00 2022 GMT
notAfter=Sep 30 23:59:59 2023 GMT

openssl x509 -in cert.pem -enddate -noout

$ openssl x509 -in cert.pem -enddate -noout
notAfter=Sep 30 23:59:59 2023 GMT

SSL(TLS) 인증서 만료일 확인 스크립트

ExpirationDate.sh 파일 생성

vim ExpirationDate.sh

#!/bin/bash

SERVER_NAME=${1:-google.com}
PORT=${2:-443}

echo Domain Name : ${SERVER_NAME}
echo '' | openssl s_client -servername ${SERVER_NAME} -connect ${SERVER_NAME}:${PORT} 2>/dev/null | openssl x509 -noout -dates

chmod +x ExpirationDate.sh

$ ./ExpirationDate.sh
Domain Name : google.com
notBefore=Nov  1 02:19:52 2021 GMT
notAfter=Jan 24 02:19:51 2022 GMT

$ ./ExpirationDate.sh scbyun.com
Domain Name : scbyun.com
notBefore=Oct 14 23:30:33 2021 GMT
notAfter=Jan 12 23:30:32 2022 GMT

 

참고URL

- SSL 인증서 만료일 체크 스크립트 : https://scbyun.com/662

- ShellHacks : https://www.shellhacks.com/openssl-check-ssl-certificate-expiration-date/