Bhushan Kawadkar

Reputation: 28523

How to read tomcat SSL certificate expiration date

I am trying to read the Tomcat SSL/TLS certificate using a Python shell and openssl, but I am getting the error below:

openssl x509 -in /opt/conf/.keystore -noout -dates
unable to load certificate
139716531042120:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE

My SSL certificate type is ppk7. I have searched many posts but could not find an answer.

If anyone can give me a solution in Python, that is also fine.

Upvotes: 2

Views: 4911

Answers (1)

Bhushan Kawadkar

Reputation: 28523

I got a solution (I don't know if this is correct or not). I read server.xml in the conf folder of Tomcat and got the https port, as shown below:

<!-- port below is the https port -->
<Connector SSLEnabled="true"
 URIEncoding="UTF-8"
 ........
 ........
 port="9443"
 scheme="https"
 secure="true"
 sslProtocol="TLS"/>

I used the shell command below to read the SSL certificate info and save it in a file.

openssl s_client -connect MACHINE_HOST_NAME:SSL_PORT_NUMBER < /dev/null > /tmp/FILE_NAME.crt

Then decode this file to read the expiration date, as below:

openssl x509 -in /tmp/FILE_NAME.crt -noout -enddate

This produces output like the following:

notAfter=Aug 31 23:59:59 2019 GMT

Similarly, you can read the start date, issuer, serial number, etc.

Upvotes: 3
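
For the Python route the question asks about, an added example (not part of the original answer): it fetches the certificate the connector presents with the standard library's ssl module and reads notBefore/notAfter by walking the DER encoding, so nothing extra needs installing. The function names and SAMPLE_DER are assumptions made for illustration.

```python
import ssl
from datetime import datetime, timezone

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def _time(tag, raw):
    """Decode UTCTime (0x17) or GeneralizedTime (0x18) into an aware datetime."""
    text = raw.decode("ascii")
    if tag == 0x17:                         # two-digit year: 50-99 -> 19YY, 00-49 -> 20YY
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    elif tag != 0x18:
        raise ValueError("not an X.509 time value")
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def validity_from_der(der):
    """Return (notBefore, notAfter) from a DER-encoded X.509 certificate."""
    _, pos, _ = _tlv(der, 0)                # Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)              # tbsCertificate SEQUENCE
    tag, _, end = _tlv(der, pos)
    if tag == 0xA0:                         # optional [0] version field
        pos = end
    for _field in range(3):                 # skip serialNumber, signature, issuer
        _, _, pos = _tlv(der, pos)
    tag, pos, _ = _tlv(der, pos)            # validity SEQUENCE
    if tag != 0x30:
        raise ValueError("validity SEQUENCE not found")
    t1, s1, e1 = _tlv(der, pos)
    t2, s2, e2 = _tlv(der, e1)
    return _time(t1, der[s1:e1]), _time(t2, der[s2:e2])

def server_cert_expiry(host, port):
    """Fetch the certificate an HTTPS connector presents (no chain validation,
    so self-signed certificates work too) and return its notAfter."""
    pem = ssl.get_server_certificate((host, port))
    return validity_from_der(ssl.PEM_cert_to_DER_cert(pem))[1]

def days_left(not_after, now=None):
    return (not_after - (now or datetime.now(timezone.utc))).days

# Constructed sample: a skeleton holding only the fields up to validity (not a
# real signed certificate), with the notAfter value shown in the answer above.
SAMPLE_DER = (bytes.fromhex("302e302c" "a003020102" "020101" "3000" "3000" "301e")
              + b"\x17\x0d" + b"180831000000Z" + b"\x17\x0d" + b"190831235959Z")
```

Against a running connector, `days_left(server_cert_expiry("MACHINE_HOST_NAME", 9443))` returns the whole days remaining and goes negative once the certificate has expired.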
