For a certificate that is deployed, determine the host and port, then check it using openssl.
$ echo q | openssl s_client -connect ${HOST}:${PORT} | openssl x509 -text -dates | grep notAfter
where
${HOST}is the hostname of the SSL service${PORT}is the port number of the SSL service. You can also use the service name, e.g.https