Security

How to check the expiration date of a certificate?

leirga11
New Member

We encountered some error on default certificates that are expiring. WE renewed the certificates but now we want to know if there is a command to check when will a certificate expire. I tried this command:

/opt/splunk/bin/openssl x509 -enddate -noout -in /opt/splunk/etc/auth/server.pem

However, I am getting message:

/opt/splunk/bin/openssl: error while loading shared libraries: libssl.so.1.0.0: cannot open shared object file: No such file or directory

Thanks in advance.

Labels (1)
0 Karma

ChristophR
Explorer

As others have pointed out, the openssl library can of course be used.  But, if you wanted to specifically hit the openssl binary from Splunk:

 

 

/opt/splunk/bin/splunk cmd openssl x509 -enddate -noout -in <PATH TO CERTIFICATE>

 

 

0 Karma

SierraX
Communicator

If you want to use the Splunk internal openssl, you have to source setSplunkEnv first. To `source` something in linux you can use the command source or like in my example a . (dot)

$: which openssl
/bin/openssl
$: . /opt/splunk/bin/setSplunkEnv
Tab-completion of "splunk <verb> <object>" is available.
$: which openssl
~/bin/openssl



0 Karma

PavelP
Motivator

Hello @leirga11

Update: you can just use the system's version of openssl (without /opt/splunk/bin/ 😞

openssl x509 -noout -text -in /opt/splunk/etc/auth/server.pem

is this a tgz splunk setup? Check that a corresponding libssl file present. Use strace -e open to check which files are being opened.

ldd - print shared library dependencies

$ ldd /opt/splunk/bin/openssl
        linux-vdso.so.1 =>  (0x00007ffe6c3c4000)
        libssl.so.1.0.0 => /opt/splunk/lib/libssl.so.1.0.0 (0x00007f7a76613000)
        libcrypto.so.1.0.0 => /opt/splunk/lib/libcrypto.so.1.0.0 (0x00007f7a7618c000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007f7a75f88000)
        libz.so.1 => /opt/splunk/lib/libz.so.1 (0x00007f7a765ee000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f7a75bba000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f7a76469000)

openssl - expected behaviour:

$ /opt/splunk/bin/openssl x509 -noout -text -in /opt/splunk/etc/auth/server.pem
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            bf:66:ed:f8:8d:d2:74:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=CA, L=San Francisco, O=Splunk, CN=SplunkCommonCA/emailAddress=support@splunk.com
        Validity
            Not Before: Feb  8 13:40:25 2020 GMT
            Not After : Feb  7 13:40:25 2023 GMT
...

strace - trace system calls and signals

$ strace -e open /opt/splunk/bin/openssl x509 -noout -text -in /opt/splunk/etc/auth/server.pem
open("/opt/splunk/lib/tls/x86_64/libssl.so.1.0.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/opt/splunk/lib/tls/libssl.so.1.0.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/opt/splunk/lib/x86_64/libssl.so.1.0.0", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
open("/opt/splunk/lib/libssl.so.1.0.0", O_RDONLY|O_CLOEXEC) = 3
open("/opt/splunk/lib/libcrypto.so.1.0.0", O_RDONLY|O_CLOEXEC) = 3
Get Updates on the Splunk Community!

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...

New Dates, New City: Save the Date for .conf25!

Wake up, babe! New .conf25 dates AND location just dropped!! That's right, this year, .conf25 is taking place ...

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...