diff --git a/include/haproxy/ssl_utils.h b/include/haproxy/ssl_utils.h
index 3391efd38..74426e029 100644
--- a/include/haproxy/ssl_utils.h
+++ b/include/haproxy/ssl_utils.h
@@ -45,6 +45,8 @@ void exclude_tls_grease(char *input, int len, struct buffer *output);
 int x509_v_err_str_to_int(const char *str);
 const char *x509_v_err_int_to_str(int code);
 long asn1_generalizedtime_to_epoch(ASN1_GENERALIZEDTIME *d);
+const char *x509_get_notbefore(X509 *cert);
+const char *x509_get_notafter(X509 *cert);
 #endif /* _HAPROXY_SSL_UTILS_H */
 #endif /* USE_OPENSSL */
diff --git a/src/ssl_utils.c b/src/ssl_utils.c
index 4a85b8918..dfa069dd3 100644
--- a/src/ssl_utils.c
+++ b/src/ssl_utils.c
@@ -700,3 +700,56 @@ long asn1_generalizedtime_to_epoch(ASN1_GENERALIZEDTIME *d)
 return -1;
 }
+
+/* Return the nofAfter value as as string extracted from an X509 certificate
+ * The returned buffer is static and thread local.
+ */
+const char *x509_get_notafter(X509 *cert)
+{
+ BIO *bio = NULL;
+ int write;
+ static THREAD_LOCAL char buf[256];
+
+ memset(buf, 0, sizeof(buf));
+
+ if ((bio = BIO_new(BIO_s_mem())) == NULL)
+ goto end;
+ if (ASN1_TIME_print(bio, X509_getm_notAfter(cert)) == 0)
+ goto end;
+ write = BIO_read(bio, buf, sizeof(buf)-1);
+ buf[write] = '\0';
+ BIO_free(bio);
+
+ return buf;
+
+end:
+ BIO_free(bio);
+ return NULL;
+}
+
+/* Return the nofBefore value as as string extracted from an X509 certificate
+ * The returned buffer is static and thread local.
+ */
+const char *x509_get_notbefore(X509 *cert)
+{
+ BIO *bio = NULL;
+ int write;
+ static THREAD_LOCAL char buf[256];
+
+ memset(buf, 0, sizeof(buf));
+
+ if ((bio = BIO_new(BIO_s_mem())) == NULL)
+ goto end;
+ if (ASN1_TIME_print(bio, X509_getm_notBefore(cert)) == 0)
+ goto end;
+ write = BIO_read(bio, buf, sizeof(buf)-1);
+ buf[write] = '\0';
+ BIO_free(bio);
+
+ return buf;
+
+end:
+ BIO_free(bio);
+ return NULL;
+}
+
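Review bot: In `x509_get_notafter()` the result of `BIO_read()` is used as an array index without a check, so a negative return would make `buf[write] = '\0'` store before the start of `buf`; `x509_get_notbefore()` repeats the same lines. After a successful `ASN1_TIME_print()` the memory BIO presumably always holds data, so this is a hardening point, but `if (write <= 0) goto end;` ahead of the terminator keeps the index in range and reports the failure as NULL. The two header comments should read `notAfter`/`notBefore` (not `nofAfter`/`nofBefore`), drop the doubled "as", and state that NULL is returned on failure and that the thread-local buffer is overwritten by the next call to the same function on that thread. Since the bodies differ only in the getter, a `static` helper taking the `ASN1_TIME *` would keep the check in one place.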