Retrieve certificate expiration date from an .ipa file?

Question

I know how to view the expiration date of an .ipa file's provisioning profile (by renaming the ipa to zip, then unzip it and view the ExpirationDate key in the embedded.mobileprovisioning file).

But how can I view the expiration date of the certificate itself that was used to sign the ipa?

I found that you can use the codesign utility to "extract" certs:

codesign --display --extract-certificates /Applications/Example.app

This produces three files: codesign0, codesign1, codesign2. Not sure how to proceed after that.

score 44 · Accepted Answer · edited Apr 07 '16 at 12:58

44

Do the following:

unzip -q MyApp.ipa
$ codesign -d --extract-certificates Payload/*.app
$ openssl x509 -inform DER -in codesign0 -noout -nameopt -oneline -dates

After doing the above, you will get output with:

notAfter=Aug 4 16:08:00 2017 GMT

This is the certificate expiration date.

edited Apr 07 '16 at 12:58

Strille

5,741
2
26
40

answered Apr 07 '16 at 06:54

Roy K

3,319
2
27
43

1

This worked great! Why do I need to create the .pem files? I just ran the last line and got the subject, serial, notBefore and notAfter values. – Strille Apr 07 '16 at 08:21
@Strille Even better :) – Roy K Apr 07 '16 at 09:11

Retrieve certificate expiration date from an .ipa file?

1 Answers1

Linked