How to check SSL expiry date via the command line

July 19, 2025 / SSL Web Hosting

This guide shows you how to check the SSL certificate expiration date using the Windows command line. SSL/TLS certificates secure websites and data, so keeping track of their expiry is essential. Windows offers a few command-line tools to help you do this easily.

Follow the steps below:

  1. To check the expiry of a local certificate, you can use Windows’ built-in tool called “certutil”, which helps manage and inspect certificates. Follow the steps:
    1. Locate your certificate file (e.g., .cer or .crt).
    2. Open Command Prompt (search for cmd in the Start menu).
    3. Run the following command:
      certutil -verify -urlfetch certificate.cer

      Replace certificate.cer with your actual file name.

    4. Look for the line labelled “Not After”; this shows the certificate’s expiration date.
  2. To check a remote website certificate using “OpenSSL.” This feature is not included by default in Windows. Follow the steps:
    1. Download and install OpenSSL for Windows from a trusted source.
    2. Open Command Prompt.
    3. Run this command:
      openssl s_client -connect www.example.com:443 < NUL | openssl x509 -noout -dates
    4. Replace “www.example.com” with the domain you want to check.
    5. Look for the line starting with “notAfter” to see the expiry date.

This way, you can check SSL certificate expiration dates. It helps stop service disruptions and maintains secure connections. These command-line methods make it easy to stay on top of certificate renewals.

Worried about SSL certificate expiry?
Avoid downtime and security warnings with a trusted SSL certificate solution.

Next Step: How to install an SSL certificate for a domain in Plesk

Spread the love