Cyber Ninja
asked on
How to check if a remote ssl cert has expired using IP address
How to check if a remote ssl cert has expired using IP address On mac terminal
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
How can i use that same command to check the name of the ssl cert on the remote host/port
you may use -checkend to directly check for a specific date
... | openssl x509 -noout -checkend `expr 86400 \* 30` || echo cert will expire within a month
... | openssl x509 -noout -checkend `expr 86400 \* 30` || echo cert will expire within a month
ASKER
What i mean is i can get the name of the ssl cert?
yeah. i guess with -subject and -checksubject
i would advise aginst using checksubject though. grep is better and allows to handle various changes in spacing depending on the openssl lib version
i would advise aginst using checksubject though. grep is better and allows to handle various changes in spacing depending on the openssl lib version
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks a lot . It worked i was able to get the answer
ASKER
What’s the risk of having a self signed SSL cert on servers ?
your users won't have that little green thingy that says the site is safe, as their browser won't be able to check you are the owner of the domain they are trying to reach.
and obviously if someone hijacks their dns or intercepts the connection somehow, they can impersonate your service and harvest passwords.
certs are cheap nowadays. some basic certs are even free but they are usually limited in time.
this is starting to be a whole different question. i welcome follow ups but only in the same topic.
and obviously if someone hijacks their dns or intercepts the connection somehow, they can impersonate your service and harvest passwords.
certs are cheap nowadays. some basic certs are even free but they are usually limited in time.
this is starting to be a whole different question. i welcome follow ups but only in the same topic.
ASKER