I was playing around with the TLS certificates in my Linux Academy cluster and wanted an easy way to check all of the expiration dates without having to check each certificate individually. I put together this bash one-liner you might find helpful.
$ for cert in /etc/kubernetes/pki/*.crt; do openssl x509 -in $cert -text -noout | grep -i validity -A3; done
The command iterates through the specified folder and passes each .crt file to openssl, reads it, searches for the Validity section and outputs it.
Validity
Not Before: Jan 16 04:56:05 2020 GMT
Not After : Jan 15 04:56:05 2021 GMT
Subject: CN=kube-apiserver
Validity
Not Before: Jan 16 04:56:06 2020 GMT
Not After : Jan 15 04:56:07 2021 GMT
Subject: O=system:masters, CN=kube-apiserver-etcd-client
Validity
Not Before: Jan 16 04:56:05 2020 GMT
Not After : Jan 15 04:56:05 2021 GMT
Subject: O=system:masters, CN=kube-apiserver-kubelet-client
Validity
Not Before: Jan 16 04:56:05 2020 GMT
Not After : Jan 13 04:56:05 2030 GMT
Subject: CN=kubernetes
Validity
Not Before: Jan 16 04:56:06 2020 GMT
Not After : Jan 13 04:56:06 2030 GMT
Subject: CN=front-proxy-ca
Validity
Not Before: Jan 16 04:56:06 2020 GMT
Not After : Jan 15 04:56:06 2021 GMT
Subject: CN=front-proxy-client