diff --git a/api/internal/handler/ssl/ssl.go b/api/internal/handler/ssl/ssl.go
index 154a0a9987..ddeb78fb1a 100644
--- a/api/internal/handler/ssl/ssl.go
+++ b/api/internal/handler/ssl/ssl.go
@@ -198,6 +198,9 @@ func (h *Handler) List(c droplet.Context) (interface{}, error) {
 for _, item := range ret.Rows {
 ssl := &entity.SSL{}
 _ = utils.ObjectClone(item, ssl)
+ x509_validity, _ := x509CertValidity(ssl.Cert)
+ ssl.ValidityStart = x509_validity.NotBefore
+ ssl.ValidityEnd = x509_validity.NotAfter
 ssl.Key = ""
 ssl.Keys = nil
 list = append(list, ssl)
@@ -327,6 +330,35 @@ func (h *Handler) BatchDelete(c droplet.Context) (interface{}, error) {
 return nil, nil
 }
+// validity allows unmarshaling the certificate validity date range
+type validity struct {
+ NotBefore, NotAfter int64
+}
+
+func x509CertValidity(crt string) (*validity, error) {
+ if crt == "" {
+ return nil, consts.ErrSSLCertificate
+ }
+
+ certDERBlock, _ := pem.Decode([]byte(crt))
+ if certDERBlock == nil {
+ return nil, consts.ErrSSLCertificateResolution
+ }
+
+ x509Cert, err := x509.ParseCertificate(certDERBlock.Bytes)
+
+ if err != nil {
+ return nil, consts.ErrSSLCertificateResolution
+ }
+
+ val := validity{}
+
+ val.NotBefore = x509Cert.NotBefore.Unix()
+ val.NotAfter = x509Cert.NotAfter.Unix()
+
+ return &val, nil
+}
+
 func ParseCert(crt, key string) (*entity.SSL, error) {
 if crt == "" || key == "" {
 return nil, consts.ErrSSLCertificate
@@ -383,8 +415,6 @@ func ParseCert(crt, key string) (*entity.SSL, error) {
 ssl.Snis = snis
 ssl.Key = key
- ssl.ValidityStart = x509Cert.NotBefore.Unix()
- ssl.ValidityEnd = x509Cert.NotAfter.Unix()
 ssl.Cert = crt
 return &ssl, nil
@@ -424,6 +454,10 @@ func (h *Handler) Validate(c droplet.Context) (interface{}, error) {
 return nil, err
 }
+ x509_validity, _ := x509CertValidity(input.Cert)
+ ssl.ValidityStart = x509_validity.NotBefore
+ ssl.ValidityEnd = x509_validity.NotAfter
+
 return ssl, nil
 }
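Review bot: In List, the error from `x509CertValidity(ssl.Cert)` is discarded and the returned pointer is dereferenced on the very next line; the helper returns `nil` on every failure path, so one stored record whose `Cert` is empty or does not parse will panic the handler and make the list endpoint unusable. Guard the assignments, for example `if v, err := x509CertValidity(ssl.Cert); err == nil { ssl.ValidityStart, ssl.ValidityEnd = v.NotBefore, v.NotAfter }`, and surface the error in the log so the bad record can be found. The same unchecked dereference is in the Validate hunk (`x509CertValidity(input.Cert)`); there the input has presumably already passed ParseCert, which lies outside the hunk, but the pattern should still be fixed. `x509_validity` should also be MixedCaps (e.g. `certValidity`) to match Go naming.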
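Review bot: `x509CertValidity` has no doc comment, and the comment on `validity` speaks of unmarshaling although nothing in this hunk unmarshals into the type. Suggested wording: `// validity holds a certificate's NotBefore/NotAfter as Unix seconds.` and `// x509CertValidity parses the first PEM block in crt as an X.509 certificate and returns its validity window; it returns nil and an error when crt is empty or cannot be parsed.` Spelling out the first-block behaviour matters because `pem.Decode` returns only the first block, so for a pasted chain only the first certificate's dates are reported and nothing here checks that the block type is a certificate before parsing. Since the result is nil on every error path, returning `validity` by value would also keep callers that drop the error from dereferencing nil.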