Security

How to check the expiration date of a certificate?

leirga11
New Member

We encountered some error on default certificates that are expiring. WE renewed the certificates but now we want to know if there is a command to check when will a certificate expire. I tried this command:

/opt/splunk/bin/openssl x509 -enddate -noout -in /opt/splunk/etc/auth/server.pem

However, I am getting message:

/opt/splunk/bin/openssl: error while loading shared libraries: libssl.so.1.0.0: cannot open shared object file: No such file or directory

Thanks in advance.

Labels (1)
0 Karma

SierraX
Communicator

If you want to use the Splunk internal openssl, you have to source setSplunkEnv first. To `source` something in linux you can use the command source or like in my example a . (dot)

$: which openssl
/bin/openssl
$: . /opt/splunk/bin/setSplunkEnv
Tab-completion of "splunk <verb> <object>" is available.
$: which openssl
~/bin/openssl



0 Karma

PavelP
Motivator

Hello @leirga11

Update: you can just use the system's version of openssl (without /opt/splunk/bin/ 😞

openssl x509 -noout -text -in /opt/splunk/etc/auth/server.pem

is this a tgz splunk setup? Check that a corresponding libssl file present. Use strace -e open to check which files are being opened.

ldd - print shared library dependencies

$ ldd /opt/splunk/bin/openssl
        linux-vdso.so.1 =>  (0x00007ffe6c3c4000)
        libssl.so.1.0.0 => /opt/splunk/lib/libssl.so.1.0.0 (0x00007f7a76613000)
        libcrypto.so.1.0.0 => /opt/splunk/lib/libcrypto.so.1.0.0 (0x00007f7a7618c000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007f7a75f88000)
        libz.so.1 => /opt/splunk/lib/libz.so.1 (0x00007f7a765ee000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f7a75bba000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f7a76469000)

openssl - expected behaviour:

$ /opt/splunk/bin/openssl x509 -noout -text -in /opt/splunk/etc/auth/server.pem
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            bf:66:ed:f8:8d:d2:74:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=CA, L=San Francisco, O=Splunk, CN=SplunkCommonCA/emailAddress=support@splunk.com
        Validity
            Not Before: Feb  8 13:40:25 2020 GMT
            Not After : Feb  7 13:40:25 2023 GMT
...

strace - trace system calls and signals

$ strace -e open /opt/splunk/bin/openssl x509 -noout -text -in /opt/splunk/etc/auth/server.pem
open("/opt/splunk/lib/tls/x86_64/libssl.so.1.0.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/opt/splunk/lib/tls/libssl.so.1.0.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/opt/splunk/lib/x86_64/libssl.so.1.0.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/opt/splunk/lib/libssl.so.1.0.0", O_RDONLY|O_CLOEXEC) = 3
open("/opt/splunk/lib/libcrypto.so.1.0.0", O_RDONLY|O_CLOEXEC) = 3
Get Updates on the Splunk Community!

This Week's Community Digest - Splunk Community Happenings [9.26.22]

Get the latest news and updates from the Splunk Community here! Upcoming User Group Events! &#x1f44f; Check ...

BSides Splunk 2022 - The Call for Papers is now Open!

TLDR; Main Site: https://bsidessplunk.com CFP Site: https://bsidessplunk.com/cfp CFP Opens: December 15th, ...

Sending Metrics to Splunk Enterprise With the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...