Code Snippet: Fetch certificate information from a live endpoint in Go

Published: by

  • Categories:

I generally try to post snippets on my blog that I don't find on a Google search. This is like one of those snippets.

This sample code fetches the time to expiry for a certificate that's currently deployed at a live endpoint.

package main

import (

func main() {
 // Parse cmdline arguments using flag package
 server := flag.String("server", "", "Server to ping")
 port := flag.Uint("port", 443, "Port that has TLS")

 conn, err := tls.Dial("tcp", fmt.Sprintf("%s:%d", *server, *port), &tls.Config{})
 if err != nil {
  panic("failed to connect: " + err.Error())

 // Get the ConnectionState struct as that's the one which gives us x509.Certificate struct
 connectionState := conn.ConnectionState()

 fmt.Printf("Time to expiry for the certificate: %v\n", connectionState.PeerCertificates[0].NotAfter.Sub(time.Now()))


% ./ssl_certs -h
Usage of ./ssl_certs:
  -port uint
     Port that has TLS (default 443)
  -server string
     Server to ping (default "")
% ./ssl_certs
Time to expiry for the certificate: 1843h21m3.857177591s