How do I determine the expiration date of a p12 certificate?

Posted on December 15, 2008 by jeff

First you will need to translate the pkcs12 certificate into a PEM certificate.
The PEM certificate is only needed temporarily and can later be removed.

$ openssl pkcs12 -in certificate.p12 -out tempcrt.pem
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:

 

Now, we use the tempcrt.pem that we generated to determine the expiration date. The first method, which only displays the expiration date can be retrieved like this:

$ openssl x509 -in tempcrt.pem -noout -enddate
notAfter=Jan  3 23:19:24 2009 GMT

 

The second method which includes a lot more detail about the certificate below, I’ve only included the details relevant to the creation and expiration dates.

$ openssl x509 -in tempcrt.pem -noout -text
        [ ... snip ... ]
        Validity
            Not Before: Jan  3 23:19:24 2008 GMT
            Not After : Jan  3 23:19:24 2009 GMT
        [ ... snip ... ]

 

This entry was posted in Answers, Security, System Administration. Bookmark the permalink.

2 Responses to How do I determine the expiration date of a p12 certificate?

  1. VJ says:
    January 23, 2012 at 1:14 pm

    Yes , short but very useful …thanks a lot.

    Reply
  2. 4fthawaiian says:
    October 4, 2011 at 1:42 pm

    Thanks a ton for this. Saved me a lot of work. :)

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>