Is there a way to list all domains on an SAN/UCC SSL Certificate (ideally using command line on linux/os x)?
Clearly there must be some way to extract the data, since browsers can do it. Unfortunately, I can see the list but can't cut and paste it.
where `$CERT_FILE` can have either the `.pem` or `.crt` extension.

Shell functions for viewing cert. files and checking that a cert. & key file match can be found here.

You can list the domains with this command (tested on linux):

If you just want to see the SANs, `grep DNS:` is the obvious solution.

If you want to have a cleaner list to process further, you can use this Perl regex to extract just the names: `@names=/\sDNS:([^\s,]+)/g`

For example:

Which would output this:

So you could pipe that to `while read name; do echo "processing $name ..."; done` etc.

Or for a comma-separated list on one line, replace `join("\n",` with `join(",",`

(The `-0777` switch for perl makes it read the whole input at once instead of line by line.)

If you'd like to limit dependencies to openssl, grep, sed and tr and still have easily parseable/iterable output:

What's going on here?

- `openssl x509 -text -in cert.pem` produces human readable cert information
- `grep DNS` extracts lines containing the string: `DNS`
- `sed s/DNS://g` removes all occurrences of: `DNS:`
- `tr -d ' '` removes all space characters
- `tr , ' '` replaces all comma characters with a space character
- `tr , \\n` replaces all comma characters with a newline character
- `|` the pipe operator passes standard output from the command preceding the pipe to standard input of the command following it

This will show all Alternative domains in certificate (needed by all browsers today)
The answer will be like this
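
An added example, not taken from any of the answers above: the grep/sed/tr pipeline described earlier, next to a stricter parser that reads only the Subject Alternative Name value line and keeps only `DNS:` entries. The function names (`sample_cert_text`, `naive_sans`, `extract_sans`, `list_sans`) are hypothetical and the certificate text is constructed; it shows that the plain pipeline also emits a Name Constraints entry and a mangled `IPAddress:` item.

```shell
#!/bin/sh
# Added example; function names and the sample text are assumptions, not from the answers.

# Constructed excerpt in the layout of `openssl x509 -noout -text` output.
sample_cert_text() {
cat <<'EOF'
Certificate:
    Data:
        Subject: CN = example.com
        X509v3 extensions:
            X509v3 Name Constraints:
                Permitted:
                  DNS:.internal.example
            X509v3 Subject Alternative Name:
                DNS:example.com, DNS:*.example.com, IP Address:192.0.2.10
EOF
}

# The grep/sed/tr pipeline as the answer above describes it, reading stdin.
naive_sans() {
    grep DNS | sed 's/DNS://g' | tr -d ' ' | tr , '\n'
}

# Stricter variant: only the value line that follows the SAN header is parsed,
# and only entries of type DNS are printed (one per line).
extract_sans() {
    awk '
        /X509v3 Subject Alternative Name/ { in_san = 1; next }
        in_san {
            n = split($0, parts, ",")
            for (i = 1; i <= n; i++) {
                entry = parts[i]
                gsub(/^[ \t]+|[ \t]+$/, "", entry)   # trim padding
                if (entry ~ /^DNS:/) print substr(entry, 5)
            }
            in_san = 0
        }
    '
}

# Real certificate file: feed openssl's text dump to the parser.
list_sans() {
    openssl x509 -noout -text -in "$1" | extract_sans
}

sample_cert_text | extract_sans   # prints example.com and *.example.com
```

On OpenSSL 1.1.1 and later, `openssl x509 -noout -ext subjectAltName -in cert.pem` prints only that extension, which avoids matching other parts of the text dump.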