How to discover certificates and their expiry date?


Is there a way to discover what certificates are installed on Unix/Linux machines and then report on their expiry date along with Algorithm hash?


Use openssl to connect to the systems:

echo | openssl s_client -connect hostname:443 -showcerts

The command above assumes TCP 443. That will get you the certificate
chain, and then from there you can parse the output with more ‘openssl’
command magic:

echo | openssl s_client -connect hostname:443 -showcerts |
openssl x509 -text

Good luck.


Hi lnxbum,

> what certificates are installed on Unix/Linux machines

that heavily depends on what you mean by “installed” - there are typical directories for certificates, but an admin can actually put these files anywhere, under any name, and hence you might have a hard time spotting them. They needn’t even be used at all and can just sit there.

Once you’ve identified the certificate files, you can use the “openssl” command to extract e.g. validity dates from them at will.
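
An added example, not part of either reply: a shell function that searches the given directories for PEM certificates by content rather than by file name (since they can sit anywhere under any name) and reports expiry date, signature algorithm and an expiry status for each. The names `cert_report` and `WARN_DAYS` are made up for this sketch; it reads only the first certificate in each file and does not cover DER files or keystores.

```shell
#!/bin/sh
# Added example: inventory PEM certificates on the local file system.
# Usage: WARN_DAYS=30 sh cert_report.sh /etc/ssl /etc/pki /opt
# Output: path|subject|notAfter|signature algorithm|status

# cert_report is a hypothetical helper name. The body runs in a subshell
# so its variables do not leak into the calling shell.
cert_report() (
    warn_secs=$(( ${WARN_DAYS:-30} * 86400 ))
    # Skip very large files; PEM certificates are a few kilobytes.
    find "$@" -type f -size -1024k 2>/dev/null | while IFS= read -r f; do
        # Match on content, because the file name and extension are arbitrary.
        grep -q -- '-----BEGIN CERTIFICATE-----' "$f" 2>/dev/null || continue
        # openssl x509 parses the first certificate in the file.
        not_after=$(openssl x509 -in "$f" -noout -enddate 2>/dev/null) || continue
        not_after=${not_after#notAfter=}
        subject=$(openssl x509 -in "$f" -noout -subject 2>/dev/null)
        subject=${subject#subject=}
        # The signature algorithm names the hash, e.g. sha256WithRSAEncryption.
        sigalg=$(openssl x509 -in "$f" -noout -text 2>/dev/null |
                 awk -F': *' '/Signature Algorithm/ {print $2; exit}')
        # -checkend N exits non-zero if the certificate expires within N seconds.
        if ! openssl x509 -in "$f" -noout -checkend 0 >/dev/null 2>&1; then
            status=EXPIRED
        elif ! openssl x509 -in "$f" -noout -checkend "$warn_secs" >/dev/null 2>&1; then
            status=EXPIRING
        else
            status=OK
        fi
        printf '%s|%s|%s|%s|%s\n' "$f" "$subject" "$not_after" "$sigalg" "$status"
    done
)

# Run only when directories are passed on the command line.
if [ "$#" -gt 0 ]; then
    cert_report "$@"
fi
```

Run it as root if the directories of interest are not world-readable, otherwise unreadable files are silently skipped.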