I got tired of not having a clear answer when my certs were expiring so I made this little script to help me. You can run it on your workstation or on any Linux/Mac that has uptodate CA's. #!/bin/bash clear echo "SERVER CERTIFICATE EXPIRATION DATES:" echo "------------------------------------" server=mail.mattila.eu echo "" echo "server = ${server}" echo "" echo "" echo "#### WWW port (client2server) ####" echo "------------------------------------" echo " SSL certificate on port 443" echo |openssl s_client -showcerts -connect $server:443 2>/dev/null | openssl x509 -dates | grep After | sed 's/notAfter=/ Expires = /' echo "" echo "" echo "#### SMTP ports (server2server) ####" echo "------------------------------------" echo " TLS certificate on port 25" echo |openssl s_client -showcerts -connect $server:25 2>/dev/null -starttls smtp | openssl x509 -dates | grep After | sed 's/notAfter=/ Expires = /' echo "" echo " SSL certificate on port 465" echo |openssl s_client -showcerts -connect $server:465 2>/dev/null | openssl x509 -dates | grep After | sed 's/notAfter=/ Expires = /' echo "" echo " TLS certificate on port 587" echo |openssl s_client -showcerts -connect $server:587 2>/dev/null -starttls smtp | openssl x509 -dates | grep After | sed 's/notAfter=/ Expires = /' echo "" echo "" echo "#### IMAP ports (client2server) ####" echo "------------------------------------" echo " SSL certificate on port 143" echo |openssl s_client -showcerts -connect $server:143 2>/dev/null -starttls imap | openssl x509 -dates | grep After | sed 's/notAfter=/ Expires = /' echo "" echo " SSL certificate on port 993" echo |openssl s_client -showcerts -connect $server:993 2>/dev/null | openssl x509 -dates | grep After | sed 's/notAfter=/ Expires = /' echo "" echo ""