• Skip to main content

Uly.me

cloud engineer

  • Home
  • About
  • Archives

openssl

SSL PEM Expiration

January 6, 2022

Find out when SSL expires from a PEM file.

$ openssl x509 -enddate -noout -in your.cert
notAfter=Jan  5 07:08:14 2032 GMT

$ openssl x509 -enddate -noout -in your.cert notAfter=Jan 5 07:08:14 2032 GMT

notAfter date is returned.

Filed Under: Linux Tagged With: expiration, openssl, pem, ssl

Check Certificate Expiration

October 20, 2021

Here’s the openssl command to find out if a cert is expired.

$ openssl s_client -connect yourdomain.com:443 -servername yourdomain.com 2> /dev/null | openssl x509 -noout -dates

$ openssl s_client -connect yourdomain.com:443 -servername yourdomain.com 2> /dev/null | openssl x509 -noout -dates

Result

notBefore=Apr  9 00:00:00 2020 GMT
notAfter=Apr  9 23:59:59 2022 GMT

notBefore=Apr 9 00:00:00 2020 GMT notAfter=Apr 9 23:59:59 2022 GMT

Filed Under: Linux Tagged With: certificate, expiration, openssl, ssl

OpenSSL Upgrade

October 19, 2020

Here’s how to upgrade to OpenSSL 1.1 on Redhat/Centos.

# check
openssl version
yum info openssl
# download and install
cd /usr/local/src
wget https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz
tar -zxf openssl-1.0.2-latest.tar.gz
# compile
cd openssl-1.0.2a
./config
make
make test
make install
# update softlink
mv /usr/bin/openssl /root/
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
# verify new version
openssl version

# check openssl version yum info openssl # download and install cd /usr/local/src wget https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz tar -zxf openssl-1.0.2-latest.tar.gz # compile cd openssl-1.0.2a ./config make make test make install # update softlink mv /usr/bin/openssl /root/ ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl # verify new version openssl version

Filed Under: Linux Tagged With: centos, openssl, redhat, upgrade

PFX to PEM

April 22, 2020

Here’s how to convert SSL certificate from PFX to PEM format.

#!/bin/bash
 
echo "This script converts SSL certificates from PFX to PEM."
read -p 'Enter PFX Certificate Name  : ' cert_pfx
read -p 'Enter the Import Passphrase : ' import_passphrase
 
openssl pkcs12 -in $cert_pfx -nocerts -out cert-key.pem -passin pass:$import_passphrase -passout pass:$import_passphrase
openssl pkcs12 -in $cert_pfx -clcerts -nokeys -out cert-body.pem -passin pass:$import_passphrase -passout pass:$import_passphrase
openssl pkcs12 -in $cert_pfx -nodes -nokeys -out cert-chain.pem -passin pass:$import_passphrase -passout pass:$import_passphrase
sleep 3
openssl rsa -in key.pem -out cert-private.key -passin pass:$import_passphrase -passout pass:$import_passphrase

#!/bin/bash echo "This script converts SSL certificates from PFX to PEM." read -p 'Enter PFX Certificate Name : ' cert_pfx read -p 'Enter the Import Passphrase : ' import_passphrase openssl pkcs12 -in $cert_pfx -nocerts -out cert-key.pem -passin pass:$import_passphrase -passout pass:$import_passphrase openssl pkcs12 -in $cert_pfx -clcerts -nokeys -out cert-body.pem -passin pass:$import_passphrase -passout pass:$import_passphrase openssl pkcs12 -in $cert_pfx -nodes -nokeys -out cert-chain.pem -passin pass:$import_passphrase -passout pass:$import_passphrase sleep 3 openssl rsa -in key.pem -out cert-private.key -passin pass:$import_passphrase -passout pass:$import_passphrase

This was covered in an earlier post, but this script prompts you for the passphrase.

Here’s the expected output.

  • cert-key.pem
  • cert-body.pem
  • cert-chain.pem
  • cert-private.key

Filed Under: Linux Tagged With: conversion, convert, openssl, pem, pfx

SSL Expiry

October 30, 2018

It’s not always clear how to find out when your SSL certificate is expiring. Openssl should be able to tell you.

$ openssl x509 -enddate -noout -in certificate.crt

$ openssl x509 -enddate -noout -in certificate.crt

Filed Under: Linux Tagged With: certificate, expiry, openssl

  • Home
  • About
  • Archives

Copyright © 2023