guide · how-to
How to check an AS2 certificate's expiry date
Whether you're auditing before a rollover or debugging stopped traffic, here are the fastest ways to read a certificate's expiry — and its role and fingerprint while you're at it.
Fastest: paste it (nothing uploaded)
Paste the public certificate into the inspector below. It shows the exact notAfter date, how many days remain, the AS2 role (signing / encryption / TLS), and the SHA-256 fingerprint. Parsing runs in your browser — the certificate never leaves your machine.
From the command line
With OpenSSL, read the validity window directly:
openssl x509 -in cert.pem -noout -dates
Or use the as2inspect CLI, which also infers the AS2 role and buckets urgency, and exits non-zero if a certificate is expired or expiring soon (handy in CI):
as2inspect cert.pem
What to do with the answer
If it's inside 120 days, start planning a rollover; inside 60, treat it as active work; inside 14, it's urgent. See the rollover guide for a zero-downtime swap.
try it