12/10/2023 0 Comments Testing against earlier tls versionsThe SAN is even used when there aren’t multiple values because the use of a certificate’s common name for verification is deprecated. The SAN of a certificate allows multiple values (e.g., multiple FQDNs) to be associated with a single certificate. One of the most common is the subject alternative name (SAN). X509 extensions allow for additional fields to be added to a certificate. Note: If you receive a default SSL certificate in place of the server certificate, check out this explanation of SNI (Server Name Indication). $ echo | openssl s_client -connect :443 2>/dev/null | openssl x509 -noout -dates # A valid certificate that hasn’t expired yet Below are examples for both a valid and an expired certificate. By piping the output into x509, you can obtain the certificate’s validity period by using the -dates flag. You already saw how s_client establishes a connection to a server in the previous example. There are plenty of monitoring tools to keep an eye on this and ensure that it doesn’t happen to you, but what if you just want to quickly check a certificate’s expiration date from the command line? OpenSSL has you covered.Ĭhecking the expiration date of a certificate involves a one-liner composed of two OpenSSL commands: s_client and x509.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |