How to check if a remote ssl cert has expired using IP address

Thanks a lot skullnobrains

How can i use that same command to check the name of the ssl cert on the remote host/port

you may use -checkend to directly check for a specific date

... | openssl x509 -noout  -checkend `expr 86400 \* 30` || echo cert will expire within a month

What i mean is i can get the name of the ssl cert?

yeah. i guess with -subject and -checksubject

i would advise aginst using checksubject though. grep is better and allows to handle various changes in spacing depending on the openssl lib version

Thanks a lot . It worked i was able to get the answer

What’s the risk of having a self signed SSL cert on servers ?

your users won't have that little green thingy that says the site is safe, as their browser won't be able to check you are the owner of the domain they are trying to reach.

and obviously if someone hijacks their dns or intercepts the connection somehow, they can impersonate your service and harvest passwords.

certs are cheap nowadays. some basic certs are even free but they are usually limited in time.

this is starting to be a whole different question. i welcome follow ups but only in the same topic.