Saturday, 31 October 2020

Digging into certificate expiration using OpenSSL

This popped up on my Twitter feed earlier: -

Check the expiration date of an SSL or TLS certificate

and I thought it worth book marking ...

Checking the expiration of various certificates on my network ....

openssl s_client -servername 192.168.1.1 -connect 192.168.1.1:443 < /dev/null | openssl x509 -noout -dates

depth=0 C = TW, ST = HsinChu, L = HuKou, O = DrayTek Corp., OU = DrayTek Support, CN = Vigor Router

verify error:num=18:self signed certificate

verify return:1

depth=0 C = TW, ST = HsinChu, L = HuKou, O = DrayTek Corp., OU = DrayTek Support, CN = Vigor Router

verify return:1

poll errornotBefore=Aug 30 17:21:28 2020 GMT

notAfter=Sep 29 17:21:28 2021 GMT

openssl s_client -servername 192.168.1.12 -connect 192.168.1.12:443 < /dev/null | openssl x509 -noout -dates

depth=0 CN = HP3050A, L = Vancouver, ST = Washington, C = US, O = HP, OU = HP-IPG

verify error:num=20:unable to get local issuer certificate

verify return:1

depth=0 CN = HP3050A, L = Vancouver, ST = Washington, C = US, O = HP, OU = HP-IPG

verify error:num=21:unable to verify the first certificate

verify return:1

poll errornotBefore=Mar 16 06:51:44 2012 GMT

notAfter=Mar 11 06:51:44 2032 GMT

openssl s_client -servername nessus.local.com -connect nessus.local.com:8834 < /dev/null | openssl x509 -noout -dates

depth=0 O = Nessus Users United, OU = Nessus Server, L = New York, C = US, ST = NY, CN = nessus.local.com

verify error:num=20:unable to get local issuer certificate

verify return:1

depth=0 O = Nessus Users United, OU = Nessus Server, L = New York, C = US, ST = NY, CN = nessus.local.com

verify error:num=21:unable to verify the first certificate

verify return:1

poll errornotBefore=Oct  4 12:29:02 2019 GMT

notAfter=Oct  3 12:29:02 2023 GMT


No comments:

Yay, VMware Fusion and macOS Big Sur - no longer "NAT good friends" - forgive the double negative and the terrible pun ...

After macOS 11 Big Sur was released in 2020, VMware updated their Fusion product to v12 and, sadly, managed to break Network Address Trans...