Check the expiration date of a SSL certificate

You can check the expiration of the certificate (for example to help troubleshoot certificate issues).

  1. Open a UNIX command line window.

  2. Enter a query openssl s_client -servername <NAME> -connect <HOST:PORT> 2>/dev/null | openssl x509 -noout -dates.

The expiration date appears in the response as notAfter=<expiration_date>.

For example, if the HOSTis, PORTis 443, using the openssl command, you can see the expiration date is Nov 21, 23:59:59 minutes in 2021.

Certificate rotation

When you update the private key for your certificate, update the certificate if it has expired, or update a certificate in a full bundle in an existing EAA certificate, all the applications using it are marked as ready to deploy. You need to redeploy all the applications when you use it. If you use EAA Client for accessing client-access applications, the EAA Client software connects with the application host with use of the updated certificate once the WebSocket connection is recycled.

Edit certificate parameters

You can update the keys, passwords, certificate content for certificates issued by certificate authority or custom certificates.

  1. Log in to EAA Management Portal.

  2. In the EAA Management Portal navigation menu, select System > Certificates.

  3. On the certificate card, click Edit Certificate.

  4. Update any of the relevant fields like keys, passwords, certificate content, or upload the updated certificate bundle for certificates issued by certificate authority or custom certificates.


Self-signed certificates are not editable.

  1. Click Save changes.