These commands are here for quick reference when debugging is required.

## Checking a server's certificate is signed by a trusted third party

    openssl s_client -CApath /usr/share/ca-certificates/ -connect example.com:443

Near the bottom of the output under the **SSL-Session** section, you are looking for **Verify return code: 0 (ok)** if the certificate is valid.

## Checking expiry date of a certificate on the local machine

    cat /volumes/certs/example.com.pem | openssl x509 -noout -dates

## Checking expiry date of a certificate on a remote HTTPS server

    openssl s_client -servername example.com -connect example.com:443 2>/dev/null | openssl x509 -noout -dates

Stuff made by Damian Moore

Testing SSL/TLS certificates with OpenSSL

Checking a server's certificate is signed by a trusted third party

Checking expiry date of a certificate on the local machine

Checking expiry date of a certificate on a remote HTTPS server