[Openvpn-users] Any way to check client ca.crt expiration date

[Leroy T. <ler...@ve...>]

Other than connecting to the client, finding what ca.crt they use and running openssl x509 -in<client ca.crt> -noout -enddate?
The reason I'm asking is that we have a ca.crt which will be expiring in about a year.  I know how to update ca.crt without immediately having to update all clients and how to update all clients (including their own certificates which will expire some time after the ca.crt) and we will be doing that over time.  My concern is accidentally overlooking a client. Thanks for any and all help.