How to determine SSL cert expire date from the cert file itself(.p12)

If I have the actual file(.p12) and a Bash shell in Mac, how can I extract certificate and key file and also the certificate expiration date? assuming I have the csr(.p12), key files.

Thanks in advance!

107062 次浏览
小开
最佳答案

You can use openssl to extract the certificate from the .p12 file to a .pem file using the following command:

openssl pkcs12 -in certificate.p12 -out certificate.pem -nodes

Then, you can extract the expiration date from the certificate in the .pem file using the following command:

cat certificate.pem | openssl x509 -noout -enddate
小开

You can make the first answer a one-liner without using the intermediate file:

openssl pkcs12 -in certificate.p12 -nodes | openssl x509 -noout -enddate
小开

Extract the client certificate from the pkcs12 file and print its end date:

openssl pkcs12 -in certificate.p12 -clcerts -nodes | openssl x509 -noout -enddate

If you do not include the -clcerts option you may get the end date from a CA certificate instead of from your own certificate. Several CA certificates are usually included within the file as part of the chain of trust.

小开

Here's how you do it on Windows:

certutil -dump "file.pfx"

P.S. I know the question specifically mentions Mac, this is just in case Google sends you here (like it sent me).


提交答案