Security

How to check the expiration date of a certificate?

leirga11
New Member

We encountered some error on default certificates that are expiring. WE renewed the certificates but now we want to know if there is a command to check when will a certificate expire. I tried this command:

/opt/splunk/bin/openssl x509 -enddate -noout -in /opt/splunk/etc/auth/server.pem

However, I am getting message:

/opt/splunk/bin/openssl: error while loading shared libraries: libssl.so.1.0.0: cannot open shared object file: No such file or directory

Thanks in advance.

Labels (1)
0 Karma

ChristophR
Explorer

As others have pointed out, the openssl library can of course be used.  But, if you wanted to specifically hit the openssl binary from Splunk:

 

 

/opt/splunk/bin/splunk cmd openssl x509 -enddate -noout -in <PATH TO CERTIFICATE>

 

 

0 Karma

SierraX
Communicator

If you want to use the Splunk internal openssl, you have to source setSplunkEnv first. To `source` something in linux you can use the command source or like in my example a . (dot)

$: which openssl
/bin/openssl
$: . /opt/splunk/bin/setSplunkEnv
Tab-completion of "splunk <verb> <object>" is available.
$: which openssl
~/bin/openssl



0 Karma

PavelP
Motivator

Hello @leirga11

Update: you can just use the system's version of openssl (without /opt/splunk/bin/ 😞

openssl x509 -noout -text -in /opt/splunk/etc/auth/server.pem

is this a tgz splunk setup? Check that a corresponding libssl file present. Use strace -e open to check which files are being opened.

ldd - print shared library dependencies

$ ldd /opt/splunk/bin/openssl
        linux-vdso.so.1 =>  (0x00007ffe6c3c4000)
        libssl.so.1.0.0 => /opt/splunk/lib/libssl.so.1.0.0 (0x00007f7a76613000)
        libcrypto.so.1.0.0 => /opt/splunk/lib/libcrypto.so.1.0.0 (0x00007f7a7618c000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007f7a75f88000)
        libz.so.1 => /opt/splunk/lib/libz.so.1 (0x00007f7a765ee000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f7a75bba000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f7a76469000)

openssl - expected behaviour:

$ /opt/splunk/bin/openssl x509 -noout -text -in /opt/splunk/etc/auth/server.pem
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            bf:66:ed:f8:8d:d2:74:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=CA, L=San Francisco, O=Splunk, CN=SplunkCommonCA/emailAddress=support@splunk.com
        Validity
            Not Before: Feb  8 13:40:25 2020 GMT
            Not After : Feb  7 13:40:25 2023 GMT
...

strace - trace system calls and signals

$ strace -e open /opt/splunk/bin/openssl x509 -noout -text -in /opt/splunk/etc/auth/server.pem
open("/opt/splunk/lib/tls/x86_64/libssl.so.1.0.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/opt/splunk/lib/tls/libssl.so.1.0.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/opt/splunk/lib/x86_64/libssl.so.1.0.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/opt/splunk/lib/libssl.so.1.0.0", O_RDONLY|O_CLOEXEC) = 3
open("/opt/splunk/lib/libcrypto.so.1.0.0", O_RDONLY|O_CLOEXEC) = 3
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

Industry Solutions for Supply Chain and OT, Amazon Use Cases, Plus More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...