How to get public certificate info of a mongod instance

Solution 1:

There's a little python3 program that does exactly what you asked for (with OpenSSL):

$ certcheck www.example.com:443 serverfault.com
 Host (SNI)      | Port | Crt Issuer    | Delta to expiry           | Status 
-----------------+------+---------------+---------------------------+--------
 www.example.com | 443  | DigiCert Inc  | 213 days, 23:50:03.267476 | VALID
 serverfault.com | 443  | Let's Encrypt | 80 days, 13:04:26.637472  | VALID

Note that certcheck accepts a list of hosts to check, you'd need to script that with OpenSSL.

With just OpenSSL, sed and bash:

$ openssl s_client \
  -servername www.example.com \
  -connect www.example.com:443 2>&1 < /dev/null \
| sed -nre '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' \
| openssl x509 -in - -enddate -noout
notAfter=Dec 25 23:59:59 2021 GMT

From man x509:

-enddate
    Prints out the expiry date of the certificate, that is the notAfter date.

-dates
    Prints out the start and expiry dates of a certificate.

-checkend arg
    Checks if the certificate expires within the next arg seconds and exits nonzero if yes it will expire or zero if not.

Replace www.example.com:443 with <your_mongodb_host>:27015.

Solution 2:

You can check the certificate details of your instance through your browser quite easily.please check this article for more reference Check SSL certificates in your browser

You can also use this command to check the certificates serving by this mongodb instance from client side:

openssl s_client -showcerts -connect instance-name:port-no