How to check the expiration date of a certificate?

New Member

We encountered some error on default certificates that are expiring. WE renewed the certificates but now we want to know if there is a command to check when will a certificate expire. I tried this command:

/opt/splunk/bin/openssl x509 -enddate -noout -in /opt/splunk/etc/auth/server.pem

However, I am getting message:

/opt/splunk/bin/openssl: error while loading shared libraries: cannot open shared object file: No such file or directory

Thanks in advance.

Labels (1)
0 Karma


As others have pointed out, the openssl library can of course be used.  But, if you wanted to specifically hit the openssl binary from Splunk:



/opt/splunk/bin/splunk cmd openssl x509 -enddate -noout -in <PATH TO CERTIFICATE>



0 Karma


If you want to use the Splunk internal openssl, you have to source setSplunkEnv first. To `source` something in linux you can use the command source or like in my example a . (dot)

$: which openssl
$: . /opt/splunk/bin/setSplunkEnv
Tab-completion of "splunk <verb> <object>" is available.
$: which openssl

0 Karma


Hello @leirga11

Update: you can just use the system's version of openssl (without /opt/splunk/bin/ 😞

openssl x509 -noout -text -in /opt/splunk/etc/auth/server.pem

is this a tgz splunk setup? Check that a corresponding libssl file present. Use strace -e open to check which files are being opened.

ldd - print shared library dependencies

$ ldd /opt/splunk/bin/openssl =>  (0x00007ffe6c3c4000) => /opt/splunk/lib/ (0x00007f7a76613000) => /opt/splunk/lib/ (0x00007f7a7618c000) => /lib64/ (0x00007f7a75f88000) => /opt/splunk/lib/ (0x00007f7a765ee000) => /lib64/ (0x00007f7a75bba000)
        /lib64/ (0x00007f7a76469000)

openssl - expected behaviour:

$ /opt/splunk/bin/openssl x509 -noout -text -in /opt/splunk/etc/auth/server.pem
        Version: 1 (0x0)
        Serial Number:
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=CA, L=San Francisco, O=Splunk, CN=SplunkCommonCA/
            Not Before: Feb  8 13:40:25 2020 GMT
            Not After : Feb  7 13:40:25 2023 GMT

strace - trace system calls and signals

$ strace -e open /opt/splunk/bin/openssl x509 -noout -text -in /opt/splunk/etc/auth/server.pem
open("/opt/splunk/lib/tls/x86_64/", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/opt/splunk/lib/tls/", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/opt/splunk/lib/x86_64/", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/opt/splunk/lib/", O_RDONLY|O_CLOEXEC) = 3
open("/opt/splunk/lib/", O_RDONLY|O_CLOEXEC) = 3
Get Updates on the Splunk Community!

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...

Splunkbase | Splunk Dashboard Examples App for SimpleXML End of Life

The Splunk Dashboard Examples App for SimpleXML will reach end of support on Dec 19, 2024, after which no new ...

Understanding Generative AI Techniques and Their Application in Cybersecurity

Watch On-Demand Artificial intelligence is the talk of the town nowadays, with industries of all kinds ...