diff --git a/include/opendht/crypto.h b/include/opendht/crypto.h
index 82163aefa76e13422040732f6264a044fb112673..f961c59e415170850456eed1ef71146f6c7f2014 100644
--- a/include/opendht/crypto.h
+++ b/include/opendht/crypto.h
@@ -298,6 +298,8 @@ struct OPENDHT_PUBLIC Certificate {
     /** Read certificate alternative names */
     std::vector<std::pair<NameType, std::string>> getAltNames() const;
 
+    std::chrono::system_clock::time_point getExpiration() const;
+
     /**
      * Returns true if the certificate is marked as a Certificate Authority.
      */
diff --git a/src/crypto.cpp b/src/crypto.cpp
index f40337c33fc1c0a96523dfeb224b203b78bdbe1f..c00781bc0ee60ceacdc9c94a4f5a8260da910478 100644
--- a/src/crypto.cpp
+++ b/src/crypto.cpp
@@ -759,6 +759,15 @@ Certificate::addRevocationList(std::shared_ptr<RevocationList> list)
     revocation_lists.emplace_back(std::move(list));
 }
 
+std::chrono::system_clock::time_point
+Certificate::getExpiration() const
+{
+    auto t = gnutls_x509_crt_get_expiration_time(cert);
+    if (t == (time_t)-1)
+        return std::chrono::system_clock::time_point::min();
+    return std::chrono::system_clock::from_time_t(t);
+}
+
 PrivateKey
 PrivateKey::generate(unsigned key_length)
 {