Menu
I'm attempting to write a script to keep an eye on my battery of signing credentials for a build server I'm running. I'm almost positive I can accomplish this in a bash script using security(1), but I can't find any examples on how to find expiration information of installed identities in a given keychain (everything looks encrypted).
Has anyone done something similar that might be able to help me get these dates?
976
If you use the find-certificate command line option with security(1), you can output the certificate in PEM format with -p.
From there, use openssl x509 -text to output the fields from the certificate. Reference You should be able to play with options and text output to get the data you need from there.
188
Why not getting it with openssl (x509 --help)
$ openssl x509 -noout -in cert.pem -enddate
answered Oct 22 '25 06:10
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With