[
    {
        "role": "user",
        "content": "give%20command%20to%20show%20valid%20date%20range%20for%20an%20ssl%20certificate"
    },
    {
        "role": "assistant",
        "content": "To display the valid date range (\u201cNot Before\u201d & \u201cNot After\u201d) of an SSL/TLS certificate using OpenSSL, use one of the following commands:\n\n---\n\n**For a local certificate file (e.g. `.crt`, `.pem`):**\n\n```bash\nopenssl x509 -in path/to/certificate.crt -noout -dates\n```\n\nThis outputs something like:\n\n```\nnotBefore=Jan  1 00:00:00 2026 GMT\nnotAfter=Dec 31 23:59:59 2026 GMT\n```\n([wiki.geant.org](https://wiki.geant.org/download/attachments/459571364/Linux_Refresher_Federation%20%281%29.pdf?api=v2&modificationDate=1727108699072&version=1&utm_source=openai))\n\n---\n\n**For a certificate served on a remote server (e.g. a website):**\n\n```bash\nopenssl s_client -connect example.com:443 2>/dev/null | openssl x509 -noout -dates\n```\n\nIf the server uses SNI (Server Name Indication), include the hostname explicitly:\n\n```bash\nopenssl s_client -connect example.com:443 -servername example.com 2>/dev/null | openssl x509 -noout -dates\n```\n([sslinsights.com](https://sslinsights.com/check-ssl-certificate-expiration-date-using-openssl/?utm_source=openai))\n\n---\n\n**Optional variations / extra checks:**\n\n- To check whether a certificate will still be valid after a certain number of seconds:\n\n  ```bash\n  openssl x509 -checkend 86400 -noout -in path/to/certificate.crt\n  ```\n  (Here `86400` is seconds = 1 day) ([sslinsights.com](https://sslinsights.com/check-ssl-certificate-expiration-date-using-openssl/?utm_source=openai))\n\n- To see full details including validity period:\n\n  ```bash\n  openssl x509 -in certificate.crt -text -noout | grep -A2 \"Validity\"\n  ```\n  ([digitalocean.com](https://www.digitalocean.com/community/tutorials/ssl-protocol-error?utm_source=openai))\n\n---\n\nIf you want, I can also show how to script this or pull this info automatically for multiple domains."
    }
]