Testing SSL/TLS certificates with OpenSSL
18th February 2010 (10 years ago)
These commands are here for quick reference when debugging is required.
Checking a server's certificate is signed by a trusted third party
openssl s_client -CApath /usr/share/ca-certificates/ -connect example.com:443
Near the bottom of the output under the SSL-Session section, you are looking for Verify return code: 0 (ok) if the certificate is valid.
Checking expiry date of a certificate on the local machine
cat /volumes/certs/example.com.pem | openssl x509 -noout -dates
Checking expiry date of a certificate on a remote HTTPS server
openssl s_client -servername example.com -connect example.com:443 2>/dev/null | openssl x509 -noout -dates