How to dump the Subject Alternative Name (SAN) from an SSL certificate file

Posted by LonelyPixel on Super User See other posts from Super User or by LonelyPixel
Published on 2013-11-10T15:44:56Z Indexed on 2013/11/10 15:59 UTC
Read the original article Hit count: 211

Filed under:
|
|

I know that I can dump the entire information from a PEM certificate file with this command:

openssl x509 -in certfile -noout -text

And I've already found another direct parameter to show me only the expiry date of a certificate:

openssl x509 -in certfile -noout -enddate

But is there also a shortcut to get only the alternative names? Like when a certificate can be used for example.com as well as www.example.com. In the full dump, it's here:

Certificate:
    Data:
        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                DNS:www.example.com, DNS:example.com

I'd just like to save me the hassle to parse this output and get the domain names only. Is that possible? Otherwise, what would be best practices to parse this output? What can be assumed, what may change? Could I use a regexp like X509v3 Subject Alternative Name:\s*DNS:(\S+)(?:, DNS:(\S+))*?

© Super User or respective owner

Related posts about ssl

Related posts about certificate