How to check the expiration date of a certificate?

leirga11 · ‎05-20-2020

We encountered some error on default certificates that are expiring. WE renewed the certificates but now we want to know if there is a command to check when will a certificate expire. I tried this command:

/opt/splunk/bin/openssl x509 -enddate -noout -in /opt/splunk/etc/auth/server.pem

However, I am getting message:

/opt/splunk/bin/openssl: error while loading shared libraries: libssl.so.1.0.0: cannot open shared object file: No such file or directory

Thanks in advance.

ChristophR · ‎11-25-2022

As others have pointed out, the openssl library can of course be used. But, if you wanted to specifically hit the openssl binary from Splunk:

/opt/splunk/bin/splunk cmd openssl x509 -enddate -noout -in <PATH TO CERTIFICATE>

SierraX · ‎07-11-2022

If you want to use the Splunk internal openssl, you have to source setSplunkEnv first. To `source` something in linux you can use the command source or like in my example a . (dot)

$: which openssl
/bin/openssl
$: . /opt/splunk/bin/setSplunkEnv
Tab-completion of "splunk <verb> <object>" is available.
$: which openssl
~/bin/openssl

PavelP · ‎05-20-2020

Hello @leirga11

Update: you can just use the system's version of openssl (without /opt/splunk/bin/ 😞

openssl x509 -noout -text -in /opt/splunk/etc/auth/server.pem

is this a tgz splunk setup? Check that a corresponding libssl file present. Use strace -e open to check which files are being opened.

ldd - print shared library dependencies

$ ldd /opt/splunk/bin/openssl
        linux-vdso.so.1 =>  (0x00007ffe6c3c4000)
        libssl.so.1.0.0 => /opt/splunk/lib/libssl.so.1.0.0 (0x00007f7a76613000)
        libcrypto.so.1.0.0 => /opt/splunk/lib/libcrypto.so.1.0.0 (0x00007f7a7618c000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007f7a75f88000)
        libz.so.1 => /opt/splunk/lib/libz.so.1 (0x00007f7a765ee000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f7a75bba000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f7a76469000)

openssl - expected behaviour:

$ /opt/splunk/bin/openssl x509 -noout -text -in /opt/splunk/etc/auth/server.pem
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            bf:66:ed:f8:8d:d2:74:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=CA, L=San Francisco, O=Splunk, CN=SplunkCommonCA/emailAddress=support@splunk.com
        Validity
            Not Before: Feb  8 13:40:25 2020 GMT
            Not After : Feb  7 13:40:25 2023 GMT
...

strace - trace system calls and signals

$ strace -e open /opt/splunk/bin/openssl x509 -noout -text -in /opt/splunk/etc/auth/server.pem
open("/opt/splunk/lib/tls/x86_64/libssl.so.1.0.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/opt/splunk/lib/tls/libssl.so.1.0.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/opt/splunk/lib/x86_64/libssl.so.1.0.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/opt/splunk/lib/libssl.so.1.0.0", O_RDONLY|O_CLOEXEC) = 3
open("/opt/splunk/lib/libcrypto.so.1.0.0", O_RDONLY|O_CLOEXEC) = 3

How to check the expiration date of a certificate?

SSL

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Splunk App Dev Community Updates – What’s New and What’s Next

The Latest Cisco Integrations With Splunk Platform!

Are you a member of the Splunk Community?

How to check the expiration date of a certificate?

SSL

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Splunk App Dev Community Updates – What’s New and What’s Next

The Latest Cisco Integrations With Splunk Platform!