diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6cb5a6f..0067443 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -18,6 +18,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 * Rename internal function usage() to show_usage()
 * More readable variable names
 * verify_ca_password() looks for a previously set password and verifies it
+* Extract function cert_end_date()
 
 ### Deprecated
 
diff --git a/shellpki b/shellpki
index fb97295..5b40354 100755
--- a/shellpki
+++ b/shellpki
@@ -587,6 +587,10 @@ list() {
     echo "${certs}" | grep -Eo "CN\s*=[^,/]*" | cut -d'=' -f2 | xargs -n1
 }
 
+cert_end_date() {
+    "${OPENSSL_BIN}" x509 -noout -enddate -in "${1}" | cut -d'=' -f2
+}
+
 check() {
     # default expiration alert
     # TODO : permit override with parameters
@@ -594,7 +598,7 @@ check() {
     cur_epoch=$(date -u +'%s')
 
     for cert in ${CRT_DIR}/*; do
-        end_date=$(openssl x509 -noout -enddate -in "${cert}" | cut -d'=' -f2)
+        end_date=$(cert_end_date "${cert}")
         end_epoch=$(date -ud "${end_date}" +'%s')
         diff_epoch=$(( end_epoch - cur_epoch ))
         diff_day=$(( diff_epoch / 60 / 60 / 24 ))