When working with TLS cert, I need to check thing like what domain this cert is for, when is this cert going to expire. Or I have setup the cert in standby server, how I can hit it up myself locally to ensure it’s valid?
Check expired day of a cert on server
Before I put this server to public, I want to make sure its cert is right:
echo | openssl s_client -servername [domain-name] -connect 127.0.0.1:443 2>/dev/null | openssl x509 -noout -dates
Check that web server has right cert
echo | openssl s_client -servername [domain-name] -connect 127.0.0.1:443 2>/dev/null | openssl x509 -noout -issuer -subject -dates
Those command works to check the cert being served by web server, if we
have a crt or pem file what do we do.
All above command of openssl receive input from stdin. The cert that
those command operate on are fetch dynamically by openssl s_client. We
can explicitly pass pem file as its input:
openssl x509 -enddate -noout -in file.pem
openssl x509 -noout -issuer -subject -dates -in file.pem