Three ways to check for SSL certificate expiration times

Source: Internet
Author: User
Tags openssl openssl x509 free ssl free ssl certificate ssl certificate

Before, there is a domain name using the online free SSL certificate, and then want to change the certificate after the expiration of Let's encrypt free certificate, then want to query the domain name SSL certificate How many days left expired.

The method of querying the certificate expiration time is very simple, the following uses sslforfree.com this domain to carry on the test, below simple record the step. method One: View on the direct browser

The premise of this method is that your domain name has been directed to the Web server and can be accessed normally on the browser.

First use your browser to access your site's domain name, and then click the lock icon above the address bar to view:


The above is used in Firefox browser to view, other browsers should look at the same method is basically the same. method Two: Use the Openssl tool to view on the server side

Since my service is built on the Centos, after logging in with Xshell or Putty tools, enter the certificate directory and use the OpenSSL command to view:

# Cd/usr/ssl/cert

# OpenSSL x509-in signed.crt-noout-dates

Change it to the directory where you own the certificate, and change the certificate name to the name of the certificate on your own server. method Three: Use the PHP code method to view

If you have multiple domain names that you can access, it's much easier to use code to view them without a single manual view. The following code is attached:

/**
 * Obtain certificate validity
/Public Function getvalidity () {
	$domain = "sslforfree.com";
	$context = stream_context_create (Array ("SSL" => Array ("Capture_peer_cert_chain" => true));
	$socket = Stream_socket_client ("ssl://$domain: 443", $errno, $errstr, Stream_client_connect, $context);
	$context = Stream_context_get_params ($socket);
	foreach ($context ["Options"] ["SSL"] ["Peer_certificate_chain"] as $value) {
		//Use OpenSSL extensions to resolve certificates, use X509 certificate validation functions
		$cerInfo = Openssl_x509_parse ($value);
		if ($cerInfo [' name '], $domain) {
			echo  "Start:". Date ("y-m-d", $cerInfo [' validfrom_time_t ']). "Strpos <br/> ";
			echo "End:". Date ("y-m-d", $cerInfo [' validto_time_t ']);}}

Output content: start:2018-04-06
end:2018-07-05

The above $cerInfo a lot of information parameters, can be interested to print out to see.

The above describes several ways to view the expiration of SSL certificates, generally the most commonly used method is directly in the browser to view, convenient and quick.

Article source: Scatter a place, reprint please specify.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.