For Linux and Unix users, you may find a need to check the expiration of Local SSL Certificate files on your system. OpenSSL comes with an SSL/TLS client which can be used to establish a transparent connection to a server secured with an SSL certificate or by directly invoking certificate file.
This guide will discuss how to use openssl command to check the expiration of .p12 and start .crt certificate files.
Below example demonstrates how the openssl command is used:
$ cat /etc/kubernetes/kubelet-ca.crt | openssl x509 -noout -enddate
notAfter=Aug 5 21:38:23 2029 GMTThe /etc/kubernetes/kubelet-ca.crt should be replaced with the correct path to your crt file.
For .p12 files, extract it first to a .pem file using the following command:
openssl pkcs12 -in mycert.p12 -out mycert.pem -nodes
cat mycert.crt | openssl x509 -noout -enddateOne command for this is:
openssl pkcs12 -in mycert.p12 -nodes | openssl x509 -noout -enddateFor certificates already used in Live websites, you can run:
export SITE_URL="computingforgeeks.com"
export SITE_SSL_PORT="443"
openssl s_client -connect ${SITE_URL}:${SITE_SSL_PORT} \
-servername ${SITE_URL} 2> /dev/null | openssl x509 -noout -datesSample output:
..................
notBefore=May 15 00:00:00 2023 GMT
notAfter=May 14 23:59:59 2024 GMTThe expiration date for certificate is =May 14 23:59:59 2020.
Recommended Linux Books to read:
- Best Linux Books for Beginners & Experts
- Best Linux Kernel Programming Books
- Best Linux Bash Scripting Books
Other security related guides:
![Install Kali Linux 2026.1 Step by Step [Full Guide]](https://computingforgeeks.com/wp-content/uploads/2026/03/install-kali-linux-20261-step-by-step-768x403.png "Install Kali Linux 2026.1 Step by Step [Full Guide] 4")
God bless you
Thank you!