Extract the ipa file:
$ unzip -q App.ipa
Extract Certificates:
$ codesign -d --extract-certificates Payload/*.app
$ openssl x509 -inform DER -in codesign0 -out codesign0.pem
$ openssl x509 -inform DER -in codesign1 -out codesign1.pem
$ openssl x509 -inform DER -in codesign2 -out codesign2.pem
$ cat codesign1.pem codesign2.pem > cachain.pem
Check the validity of the certificate:
$ openssl ocsp -issuer cachain.pem -cert codesign0.pem -url `openssl x509 -in codesign0.pem -noout -ocsp_uri` -CAfile cachain.pem
Response verify OK
codesign0.pem: good
This Update: Jan 6 02:39:29 2023 GMT
Next Update: Jan 6 14:39:28 2023 GMT
Check the expiry date of the certificate:
$ openssl x509 -inform DER -in codesign0 -noout -nameopt -oneline -subject -serial -dates
subject= /UID=**********/CN=iPhone Distribution: ********** LLC/OU=**********/O=********** LLC/C=US
serial=647A88E251**********BB78165D586F
notBefore=Apr 27 13:05:06 2022 GMT
notAfter=Apr 26 13:05:05 2025 GMT