February 25, 2010

How To See Expiration Date and other Information of a p12 File (PKCS12).

Sooner or later your client or server certificate will expire and it will be nice to update that before it really happens, but to do that you need to know how to get that information. In this blog I will show you how to do that in a Linux environment with openssl, that is a typical scenario when the certificate is located on a remote Linux server that you access with ssh.

First thing to do is to convert the p12 file (PKCS12 format) to X509 format, to do so we use the openssl command.

$ openssl pkcs12 -in maka.p12 -info


When prompted enter the password. Now is the content printed out, find out which CN (Common Name) that is for the server, typically it is the dns name of the server. After located the certificate then copy everything between the below start and end tag,

-----BEGIN CERTIFICATE-----
The content to copy...
-----END CERTIFICATE-----


Past the copied content into a file with prefix .crt. If you were on a Windows system you could now simple double click the crt-file and the information of the certification would be display, but here we will continue using openssl. To use openssl, use the below command using the file name of the file you pasted the certificate into.

$ openssl x509 -in <your_file.crt> -inform PEM -text


Now is the expiration date printed among other information.

No comments: