See link
openssl genpkey -out device1.key -algorithm RSA -pkeyopt rsa_keygen_bits:2048
openssl req -new -key device1.key -out device1.csr
openssl req -text -in device1.csr -noout
openssl x509 -req -days 7 -in device1.csr -signkey device1.key -out device1.crt
openssl genpkey -out device2.key -algorithm RSA -pkeyopt rsa_keygen_bits:2048
openssl req -new -key device2.key -out device2.csr
openssl x509 -req -days 14 -in device2.csr -signkey device2.key -out device2.crt
#!/bin/bash
set -euo pipefail
IFS=$'\n\t'
# print out certificate end date
certificate_1_enddate=$(openssl x509 -in device1.crt -enddate -noout | cut -d'=' -f 2)
certificate_1_enddate_unix_timestamp=$(date --date="${certificate_1_enddate}" "+%s")
certificate_2_enddate=$(openssl x509 -in device2.crt -enddate -noout | cut -d'=' -f 2)
certificate_2_enddate_unix_timestamp=$(date --date="${certificate_2_enddate}" "+%s")
if (( ${certificate_1_enddate_unix_timestamp} < ${certificate_2_enddate_unix_timestamp} ));
then
echo "device1.crt will expire earlier than device2.crt"
else
echo "device1.crt will expire later than device2.crt"
fi