This script does allow a quick check of the local certificates, in order to make sure none of them is expired:
for pem in /etc/ssl/certs/*.crt /etc/ssl/certs/*.pem /etc/pki/tls/certs/*.pem /etc/pki/tls/certs/*.crt; do
printf '%s: %s\n' \
"$(date --date="$(openssl x509 -enddate -noout -in "$pem"|cut -d= -f 2)" --iso-8601)" \
"$pem"
done | sortThe output will look like:
2017-11-06: /etc/pki/tls/certs/ldapserver.pem
2022-12-15: /etc/pki/tls/certs/ca-bundle.crt
2022-12-15: /etc/pki/tls/certs/ca-bundle.trust.crt
2023-02-08: /etc/pki/tls/certs/localhost.crt
2025-07-11: /etc/pki/tls/certs/ldap.local.crt
2033-05-08: /etc/pki/tls/certs/local.crt