• Modern UX

    Edit and navigate faster in the terminal with Warp's IDE-like input editor.

  • Warp AI

    AI suggests what commands to run and learns from your documentation.

  • Agent Mode

    Delegate tasks to AI and use natural language on the command line.

  • Warp Drive

    Save and share interactive notebooks, workflows, and environment variables.

  • All Features

Verify Certificate With OpenSSL

Thumbnail for Razvan LudosanuRazvan Ludosanu

Razvan Ludosanu

Founder, learnbackend.dev

Published: 1/31/2024

About Terminus

The short answer

To check the expiration date of a PEM certificate and thus verify that it is still valid, you can use the following openssl x509 command:

 $ openssl x509 -in <cert>  -noout -enddate

Which will write to the standard output the notAfter field of the certificate.

For example:

 $ openssl x509 -in mycert.cer -noout -enddate
notAfter=Sep 19 23:59:59 2023 GMT

You can learn more about generating self-signed certificates with our article on how to generate a certificate signing request.

Easily retrieve this command using Warp’s AI Command Search

If you’re using Warp as your terminal, you can easily retrieve this command using the Warp AI Command Search feature:

Thumbnail for

Entering check certificate expiration openssl in the AI Command Search will prompt an openssl command that can then quickly be inserted into your shell by doing CMD+ENTER.

Verifying a file certificate

To decode and verify an entire certificate, you can use the following command:

 $ openssl x509 -in <cert>  -noout -text

Where:

  • cert is the path to the file certificate.
  • The -noout flag is used to prevent the output of the encoded version of the request.
  • The -text flag is used to output the certificate in text form, including its public key, signature algorithms, etc.

For example:

 $ openssl x509 -in /etc/nginx/ssl/cert.pem -noout -text

Verifying a website’s certificate

To verify the certificate of a website, you can use the following openssl s_client command:

 $ openssl s_client -connect <domain>:443

Which will retrieve the website's certificate identified by domain (e.g. example.com) and output its details in the terminal window, including its chain, issuer, and other information.

For example:

 $ openssl s_client -connect google.com:443

Once downloaded, you can close the client connection by pressing CTRL + c.

Alternatively, you can use the pipe operator combined with the openssl x509 command to directly decode and verify the certificate as follows:

 $ openssl s_client -connect <domain>:443 | openssl x509 -noout -text

Note that to save the certificate into a file on your local machine for future processing, you can use the output redirection operator as follows:

 $ openssl s_client -connect <domain>:443 > cert.pem

Verifying a certificate and a private key match

To verify that a certificate and a private key match, you can compare their modulus by first extracting the modulus of the certificate using the following command:

 $ openssl x509 -noout -modulus -in <certificate>> cert_mod

Then, by extracting the modulus of the private key using the following command:

 $ openssl rsa -noout -modulus -in <private_key> > pkey_mod

Finally, by comparing these two files using the diff command:

 $ diff cert_mod pkey_mod

Which will result in no output if the files are identical.

Verifying a certificate chain

A certificate chain is a series of certificates that are linked together to establish trust and verify the authenticity of a digital certificate.

To verify a certificate chain, you can use the openssl verify command as follows:

 $ openssl verify -untrusted <intermediary-certificate> <certificate>

Where:

  • The -untrusted flag is used to specify the file path of the intermediate certificate.

Written by

Thumbnail for Razvan LudosanuRazvan Ludosanu

Razvan Ludosanu

Founder, learnbackend.dev

Filed Under

Related Articles

List Open Ports in Linux

Learn how to output the list of open TCP and UDP ports in Linux, as well as their IP addresses and ports using the netstat command.

UnixLinux
Thumbnail for Razvan LudosanuRazvan Ludosanu

Count Files in Linux

Learn how to count files and folders contained in directories and subdirectories in Linux using the ls, find, and wc commands.

LinuxUnix
Thumbnail for Razvan LudosanuRazvan Ludosanu

How to Check the Size of Folders in Linux

Learn how to output the size of directories and subdirectories in a human-readable format in Linux and macOS using the du command.

LinuxUnix
Thumbnail for Razvan LudosanuRazvan Ludosanu

Linux Chmod Command

Understand how to use chmod to change the permissions of files and directories. See examples with various chmod options.

Linux
Thumbnail for Razvan LudosanuRazvan Ludosanu

POST JSON Data With Curl

How to send valid HTTP POST requests with JSON data payloads using the curl command and how to avoid common syntax pitfalls. Also, how to solve the HTTP 405 error code.

BashUnixLinux
Thumbnail for Neeran GulNeeran Gul

Format Command Output In Linux

Learn how to filter and format the content of files and the output of commands in Linux using the awk command.

Linux

Create Groups In Linux

Learn how to manually and automatically create and list groups in Linux.

Linux

Switch Users In Linux

Learn how to switch between users, log in as another user, and execute commands as another user in Linux.

Linux

Remover Users in Linux

Learn how to remove local and remote user accounts and associated groups and files in Linux using the userdel and deluser commands.

Linux

Delete Files In Linux

Learn how to selectively delete files in Linux based on patterns and properties using the rm command.

Linux

Find Files In Linux

Learn how to find and filter files in Linux by owner, size, date, type and content using the find command.

Linux

Copy Files In Linux

Learn how to safely and recursively copy one or more files locally and remotely in Linux using the cp and scp command.

Linux

Trusted by hundreds of thousands of professional developers

Download Warp to get started

Download for Mac
Thumbnail for null