Is it possible to checkout the expiration time of a SSL key?
Keys do not expire. Certificates do. Certificates are binary data. They are not human-readable without tools.
Depending on how the certificate as encoded, you can just rename it to .cer and open it on Windows. It’ll then show you all data that’s in the certificate.
With OpenSSL, you can inspect certificates on the command line:
openssl x509 -text -noout -in cert.pem
OpenSSL is available for basically everything, but you may have to install it first.
You’ll get something like this:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
04:11:24:0f:88:1e:34:22:06:94:05:d0:74:e5:be:96:00:ec
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Let's Encrypt, CN=R3
Validity
Not Before: May 16 13:25:30 2021 GMT
Not After : Aug 14 13:25:30 2021 GMT
Subject: CN=*.stackexchange.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b6:91:0f:2e:ad:e9:c1:d3:44:32:5a:a3:2d:f7:
ca:2f:25:6e:6b:e0:ca:39:d9:63:36:1e:b7:d1:21:
ae:cb:43:12:aa:11:80:dc:3b:30:a9:7b:02:ed:66:
c5:42:ea:b3:9b:61:5d:17:2f:4f:36:d4:fd:7e:df:
ae:da:97:7d:23:e0:e0:f4:be:19:83:9e:a3:1b:2b:
32:a3:11:74:40:6c:dd:e3:ef:20:ee:2d:dc:0f:c2:
49:ce:89:fe:b2:fb:5f:c4:66:55:b5:4e:8b:23:2a:
79:33:2b:e7:94:7f:5d:2a:d8:ea:45:11:35:63:e5:
b6:69:b6:6d:b4:05:50:f8:15:76:36:6c:97:c6:d8:
61:6d:91:18:8a:69:a0:7a:71:aa:4c:d6:fb:b0:d9:
58:8f:f2:f9:e1:c9:9d:54:3d:82:60:81:b2:59:c5:
6a:c7:ff:69:c0:f4:31:08:a1:61:da:62:35:82:d5:
63:7a:af:4b:66:9e:73:23:63:e8:de:30:74:c4:ed:
e0:31:5f:66:70:66:27:fe:8e:a3:4f:c3:98:66:fc:
af:2c:0a:7d:f6:ce:e9:26:48:be:e7:12:7b:09:56:
7a:9a:f8:bc:9f:6d:5e:c1:56:a9:1b:70:cd:01:71:
87:a4:49:d1:3c:5b:31:bd:9d:77:4c:fe:7f:03:2d:
44:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
9C:66:DB:15:43:B5:06:86:B1:00:76:AC:9E:8F:5E:C0:3C:29:87:E8
X509v3 Authority Key Identifier:
keyid:14:2E:B3:17:B7:58:56:CB:AE:50:09:40:E6:1F:AF:9D:8B:14:C2:C6
Authority Information Access:
OCSP - URI:http://r3.o.lencr.org
CA Issuers - URI:http://r3.i.lencr.org/
X509v3 Subject Alternative Name:
DNS:*.askubuntu.com, DNS:*.blogoverflow.com, DNS:*.mathoverflow.net, DNS:*.meta.stackexchange.com, DNS:*.meta.stackoverflow.com, DNS:*.serverfault.com, DNS:*.sstatic.net, DNS:*.stackexchange.com, DNS:*.stackoverflow.com, DNS:*.stackoverflow.email, DNS:*.superuser.com, DNS:askubuntu.com, DNS:blogoverflow.com, DNS:mathoverflow.net, DNS:openid.stackauth.com, DNS:serverfault.com, DNS:sstatic.net, DNS:stackapps.com, DNS:stackauth.com, DNS:stackexchange.com, DNS:stackoverflow.blog, DNS:stackoverflow.com, DNS:stackoverflow.email, DNS:stacksnippets.net, DNS:superuser.com
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
1.3.6.1.4.1.11129.2.4.2:
......v.D.e......@....(.......1.?.3........yu.Y5.....G0E.!....Q...g^Mrv..."gK
..Y|.q.....|.. d?...#...<...k..V.]J.._.&........v.}>.....Uh$....R.y+..x...j.h.~".....yu.Y].....G0E. ~<H..../Z1..%k.;.Q$$3....m...q)..!....w...O.!............J.C.He...L
Signature Algorithm: sha256WithRSAEncryption
18:05:01:11:f4:4e:e7:51:c4:5e:91:9e:3f:ec:bd:8b:32:85:
5d:74:08:f7:98:15:74:7b:9f:80:49:79:64:a8:ea:7b:0a:0c:
25:ed:08:d0:09:23:e2:48:55:ca:10:4e:d6:d9:d4:34:c3:85:
9b:2b:d0:c4:22:b0:d4:66:bf:49:3a:6d:7e:78:b3:e6:56:c3:
18:83:f4:31:0e:62:3f:34:a6:9d:c4:82:cd:45:13:60:2d:ca:
9e:7f:5c:63:f7:e4:49:8d:1b:a2:75:cd:72:97:fb:2a:c0:c7:
62:76:46:93:5f:8c:84:a4:42:99:50:f6:ef:aa:a6:f7:ab:41:
91:5c:7a:9e:b6:59:4b:e5:b2:da:47:7e:30:30:56:6d:84:0c:
aa:7e:14:80:6f:31:4e:6f:fa:84:d4:42:0c:ab:b8:8c:c6:77:
b1:96:e8:a1:e2:ba:e3:57:e1:f8:b4:b9:40:52:e1:da:62:4c:
d3:0c:7e:41:05:75:a6:ab:9b:71:54:07:36:93:83:f8:f3:38:
ba:b3:41:eb:32:64:39:74:62:6a:d0:18:6d:f7:72:5a:3a:d5:
08:e9:29:b0:e3:44:95:ac:2e:d7:29:b6:7a:3c:df:ad:08:55:
1a:e3:ce:c7:57:fe:8f:1f:66:25:ba:59:73:83:e1:53:ac:38:
a2:4d:36:39