How to dump the Subject Alternative Name (SAN) from an SSL certificate file
Posted
by
LonelyPixel
on Super User
See other posts from Super User
or by LonelyPixel
Published on 2013-11-10T15:44:56Z
Indexed on
2013/11/10
15:59 UTC
Read the original article
Hit count: 211
I know that I can dump the entire information from a PEM certificate file with this command:
openssl x509 -in certfile -noout -text
And I've already found another direct parameter to show me only the expiry date of a certificate:
openssl x509 -in certfile -noout -enddate
But is there also a shortcut to get only the alternative names? Like when a certificate can be used for example.com as well as www.example.com. In the full dump, it's here:
Certificate:
Data:
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:www.example.com, DNS:example.com
I'd just like to save me the hassle to parse this output and get the domain names only. Is that possible? Otherwise, what would be best practices to parse this output? What can be assumed, what may change? Could I use a regexp like X509v3 Subject Alternative Name:\s*DNS:(\S+)(?:, DNS:(\S+))*
?
© Super User or respective owner