How can you determine the expiration date of an SSL certificate, given the certificate file?  An expired certificate may lead to BAD_PARAM and NO_PERMISSION exceptions when using VisiSecure.

The following tools may be used to determine the expiration date or validity period of an SSL certificate:

• OpenSSL - an open source cryptography and SSL/TLS toolkit
• Java Keytool - a key and certificate management utility

Using OpenSSL, the command below outputs the expiration date of the certificate:

$ openssl x509 -in [CERTIFICATE] -noout -enddate
This is a sample output of the command above:

$ openssl x509 -in cert3 -noout -enddate
notAfter=Mar 16 20:41:26 2011 GMT
The date "Mar 16 20:41:26 2011 GMT" refers to its expiration date.

For more information on OpenSSL: www.openssl.org

Using Java Keytool, the command below prints out the certificate:

$ keytool -printcert -v -file [CERTIFICATE]
This is a sample output of the command above:

$ keytool -printcert -v -file cert3
Owner: CN=Borland Demo CA, OU=R&D, O=Borland Software Corp., L=San Mateo, ST=California, C=US
Issuer: CN=Borland Demo CA, OU=R&D, O=Borland Software Corp., L=San Mateo, ST=California, C=US
Serial number: 737ab23a
Valid from: Sat Mar 17 04:41:23 SGT 2001 until: Thu Mar 17 04:41:26 SGT 2011
Certificate fingerprints:

MD5: 71:53:30:E2:87:91:D0:46:DB:D2:FC:0D:95:E5:4F:6B

SHA1: F7:8A:BB:E4:08:7F:93:19:C0:4B:5E:B0:22:0D:9B:42:1E:53:FB:FE

The validity of the certificate is stated in the line:

Valid from: Thu Mar 22 12:35:53 SGT 2001 until: Thu Mar 17 04:41:26 SGT 2011

From the above line, the expiry date of the certificate is "Thu Mar 17 04:41:26 SGT 2011".