openssl-s_client:tldr:7221b
openssl-s_client: Display the start and expiry dates for a domain's certificate.
$ openssl s_client -connect ${host}:${port} 2>/dev/null | openssl x509 -noout -dates
try on your machine
This command is used to check the expiration dates of an SSL/TLS certificate for a specific host and port. Here is a breakdown of the command:
openssl s_client
: This command starts an OpenSSL client that allows you to establish an SSL/TLS connection with a remote server.-connect ${host}:${port}
: This option specifies the host (website domain or IP address) and port number you want to connect to.${host}:${port}
is a placeholder that should be replaced with the actual host and port values. For example,google.com:443
.2>/dev/null
: This part redirects the standard error output (2
) to the null device (/dev/null
). It means any potential error messages will not be displayed in the terminal.|
: The pipe symbol (|
) is a command-line construct used to pass the output of one command as input to another command.openssl x509
: This command is used for certificate-related operations.-noout
: This option instructsopenssl x509
to not display the certificate itself, but only certain information about it.-dates
: This option specifies that the command should display the certificate's validity dates, including the notBefore and notAfter dates.
When you run this command, it connects to the specified host and port using SSL/TLS and retrieves the certificate provided by the server. The certificate's expiration dates are then extracted and displayed in the terminal.
This explanation was created by an AI. In most cases those are correct. But please always be careful and
never run a command you are not sure if it is safe.