Testing SSL/TLS certificates with OpenSSL

18th February 2010

These commands are here for quick reference when debugging is required.

Checking a server's certificate is signed by a trusted third party

openssl s_client -CApath /usr/share/ca-certificates/ -connect example.com:443

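Near the bottom of the output, in the SSL-Session section, look for Verify return code: 0 (ok), which means the certificate chain verified against the supplied CA directory. By default s_client completes the handshake even when verification fails, so read the return code rather than treating a successful connection as proof of a valid certificate. Note that -CApath expects a directory in OpenSSL's hashed format (as produced by c_rehash or openssl rehash).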

Checking expiry date of a certificate on the local machine

cat /volumes/certs/example.com.pem | openssl x509 -noout -dates

Checking expiry date of a certificate on a remote HTTPS server

openssl s_client -servername example.com -connect example.com:443 </dev/null 2>/dev/null | openssl x509 -noout -dates
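
The two expiry checks above print dates for a human to read. The following is an added example, not part of the original post, that turns the same check into a scriptable status using openssl x509 -checkend; cert_status and make_sample_cert are hypothetical helper names, and the certificate it inspects is a throwaway one constructed on the spot.

```shell
#!/bin/sh
# Added example: classify a PEM certificate by remaining lifetime.
# cert_status and make_sample_cert are hypothetical helper names.

# Print one of: unreadable | expired | expiring | ok
# $1 = PEM file, $2 = warning window in days
cert_status() {
    file=$1
    window=$(( $2 * 86400 ))   # -checkend takes seconds

    # A parse failure also exits non-zero, so rule it out first;
    # otherwise a missing or corrupt file would look like an expiry.
    if ! openssl x509 -noout -in "$file" >/dev/null 2>&1; then
        echo unreadable
        return 2
    fi

    # -checkend N exits 1 when notAfter falls within the next N seconds.
    if ! openssl x509 -noout -checkend 0 -in "$file" >/dev/null; then
        echo expired
        return 1
    fi
    if ! openssl x509 -noout -checkend "$window" -in "$file" >/dev/null; then
        echo expiring
        return 1
    fi
    echo ok
}

# Constructed sample input: a throwaway self-signed certificate valid
# for $2 days, written to $1/cert.pem.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=example.test" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

tmp=$(mktemp -d)
make_sample_cert "$tmp" 10
openssl x509 -noout -dates -in "$tmp/cert.pem"
echo "30-day window: $(cert_status "$tmp/cert.pem" 30)"
echo "5-day window:  $(cert_status "$tmp/cert.pem" 5)"
rm -rf "$tmp"
```

To use it against a remote server, save the certificate from the s_client pipeline to a file first and pass that file to cert_status.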