jeesshnasree
Starfighter

Where is my SSL certificate in web-server (HTTPD)?

Hello All,

I tried both commands, curl & openssl, to check SSL certificate expiry, but the two outputs show different expiry dates & years on the Test server.

Why do the curl & openssl commands show different expiry years & dates?

How do I find my hostname's SSL certificate path?

Environment : Test server
Operating System : Linux 7 & 8
Product : Apache HTTPD
Commands : curl & openssl
Activity : SSL cert fix & validation
Result : openssl works well (cert is valid) & curl validation shows cert is expired.
Question : where is the expired certificate path when executing the curl command?

Could you please check the above-mentioned query & help me?

Scenario:
I went to the certificate path location, then executed openssl with the certificate, & the output shows the certificate is valid.
"curl -L -v -s https://domain(or)IP-address:443 1>/dev/null" output shows the cert is expired.

I updated with the latest certificates, then restarted the HTTPD instance; openssl & curl still show different expiry years & dates.

How do I find the expired cert's path using the curl command?

How do I fix this?

Could you please check & help me?

I am waiting for your valuable reply.

I hope I explained the issue clearly.


Thanks & Regards,
JEESSHNASREE




 

5 Replies
TM
Starfighter

Hi @jeesshnasree,

You mentioned that you went to the path location of the SSL certificate.

Normally under RHEL (and related), with the httpd and mod_ssl packages, the certificate path location can be displayed by the command below:

grep -h SSLCertificateFile /etc/httpd/conf/httpd.conf /etc/httpd/conf.d/*.conf | awk '$1 == "SSLCertificateFile" { print $2 }'

And by default it is /etc/pki/tls/certs/localhost.crt.

So the command below shows the start and expiry dates:

openssl x509 -noout -dates -in /etc/pki/tls/certs/localhost.crt

I hope it will help.

Tshimanga

jeesshnasree
Starfighter

Hello @TM

Thank you for sharing the valuable details.

My issue is still not resolved.
The certificates in both paths, /etc/pki/tls/certs & /etc/httpd/conf.d, are valid according to the openssl command & not expired, but when I use the curl command the output shows the cert validity is expired; I am not sure of the reason. It's a Test box & I am not sure about a proxy server in ssl.conf.


Chetan_Tiwary_
Community Manager

@jeesshnasree 

To see what IP address curl and openssl are actually connecting to, you can use the strace command. Just run it and look for the connect system call. That will tell you the exact address being reached.

You should also check if there is an interception proxy on your network. A proxy could be redirecting your traffic.

If your program is connecting to the wrong place, you might need to update your old certificate chain.

jeesshnasree
Starfighter

Hello @Chetan_Tiwary_ ,

Could you please provide an example of executing the strace command for both curl & openssl?

Thank you @Chetan_Tiwary_ for your help.

Chetan_Tiwary_
Community Manager

@jeesshnasree check here how to use strace to get details of the syscalls, especially connect(): https://gist.github.com/grepory/13621ee08bbbc0054a2aa38a755720d0

# strace -e trace=connect -p pid

or

# strace -e trace=network -p pid


https://man7.org/linux/man-pages/man1/strace.1.html 
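
Added example, not part of any reply in this thread: shell helpers that put the thread's two checks side by side, comparing the certificate file on disk with the certificate the server actually presents, and listing the addresses a client connects to under strace. The function names and the host www.example.test are assumptions; the client is launched under strace with -f instead of attaching with -p, because curl exits too quickly to attach to.

```shell
#!/bin/bash
# Added example, not from the thread. HOST values and function names are placeholders.

# Expiry and fingerprint of a certificate FILE (what `openssl x509 -in` reports).
file_cert() {      # usage: file_cert /etc/pki/tls/certs/localhost.crt
    openssl x509 -noout -enddate -fingerprint -sha256 -in "$1"
}

# Same fields for the certificate the SERVER presents on the wire (what curl validates).
served_cert() {    # usage: served_cert HOST [PORT]
    openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -enddate -fingerprint -sha256
}

# Read strace output on stdin; print each distinct "IP:port" that connect() targeted
# on the given port (default 443). AF_UNIX sockets and other ports are dropped.
connect_targets() {
    sed -n \
        -e 's/.*connect(.*sin_port=htons(\([0-9]*\)).*inet_addr("\([^"]*\)").*/\2:\1/p' \
        -e 's/.*connect(.*sin6_port=htons(\([0-9]*\)).*inet_pton(AF_INET6, "\([^"]*\)".*/[\2]:\1/p' |
        grep -- ":${1:-443}\$" | sort -u
}

# Launch a short-lived client under strace and list where it connected.
trace_connects() { # usage: trace_connects PORT COMMAND [ARGS...]
    tc_port=$1; shift
    strace -f -e trace=connect "$@" 2>&1 >/dev/null | connect_targets "$tc_port"
}

# Typical session (run as a user allowed to trace the command):
#   file_cert /etc/pki/tls/certs/localhost.crt
#   served_cert www.example.test
#   trace_connects 443 curl -s -o /dev/null https://www.example.test/
#   trace_connects 443 openssl s_client -connect www.example.test:443 </dev/null
# Differing fingerprints mean the file inspected is not the certificate being served.
```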
