use strict;
use warnings;
use IO::Socket::SSL;
use IO::Socket::SSL::Utils;

# ignore certificate errors since we only want to get the expiration
# time and not transfer any sensitive data
my $cl = IO::Socket::SSL->new(
    PeerAddr => 'www.google.com:443', 
    SSL_verify => 0
) or die "connect failed: $!, $SSL_ERROR";
my $cert = $cl->peer_certificate or die "no peer certificate";
print "expire=".localtime(CERT_asHash($cert)->{not_after})."\n";