CertCutover

guide · how-to

How to check an AS2 certificate's expiry date

Whether you're auditing before a rollover or debugging stopped traffic, here are the fastest ways to read a certificate's expiry — and its role and fingerprint while you're at it.

Fastest: paste it (nothing uploaded)

Paste the public certificate into the inspector below. It shows the exact notAfter date, how many days remain, the AS2 role (signing / encryption / TLS), and the SHA-256 fingerprint. Parsing runs in your browser — the certificate never leaves your machine.

From the command line

With OpenSSL, read the validity window directly:

openssl x509 -in cert.pem -noout -dates

Or use the as2inspect CLI, which also infers the AS2 role and buckets urgency, and exits non-zero if a certificate is expired or expiring soon (handy in CI):

as2inspect cert.pem

What to do with the answer

If it's inside 120 days, start planning a rollover; inside 60, treat it as active work; inside 14, it's urgent. See the rollover guide for a zero-downtime swap.

try it

Paste a certificate

public certificate — PEM or DER, never uploaded
loading inspector…