Listing domains on a UCC/SAN SSL Certificate

Is there a way to list all domains on a SAN/UCC SSL Certificate (ideally using the command line on Linux/OS X)?

Clearly there must be some way to extract the data, since browsers can do it. Unfortunately, I can see the list but can't cut and paste it.


Solution 1:

openssl x509 -text < "$CERT_FILE"

#=>

. . .
                DNS: . . .
. . .

where $CERT_FILE can have either the .pem or .crt extension.

Shell functions for viewing cert. files and checking that a cert. & key file match can be found here.

Solution 2:

You can list the domains with this command (tested on Linux):

cat cert.pem | openssl x509 -text | grep DNS

Solution 3:

If you just want to see the SANs, grep DNS: is the obvious solution.

If you want to have a cleaner list to process further, you can use this Perl regex to extract just the names: @names=/\sDNS:([^\s,]+)/g

For example:

true | openssl s_client -connect example.com:443 2>/dev/null \
| openssl x509 -noout -text \
| perl -l -0777 -ne '@names=/\bDNS:([^\s,]+)/g; print join("\n", sort @names);'

Which would output this:

example.com
example.edu
example.net
example.org
www.example.com
www.example.edu
www.example.net
www.example.org

So you could pipe that to while read name; do echo "processing $name ..."; done etc.

Or for a comma-separated list on one line, replace join("\n", with join(",",

(The -0777 switch for perl makes it read the whole input at once instead of line by line.)
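
Added example (not part of any of the answers above): a plain `grep DNS` over the `-text` dump also matches `DNS:` strings outside the Subject Alternative Name extension, such as Name Constraints entries, so this sketch reads only the line that follows the SAN header and keeps only the `DNS:` entries. The function names and the sample dump are constructed for illustration, and it assumes no name contains a comma.

```shell
#!/bin/sh
# Print the dNSName entries of the Subject Alternative Name extension only,
# one per line, sorted and de-duplicated. Reads `openssl x509 -noout -text`
# output on stdin. Assumption: no name contains a comma.
san_dns_from_text() {
    awk '
        # The SAN value is printed on the single line after this header.
        /X509v3 Subject Alternative Name:/ { in_san = 1; next }
        in_san {
            n = split($0, parts, ",")
            for (i = 1; i <= n; i++) {
                entry = parts[i]
                gsub(/^[ \t]+|[ \t]+$/, "", entry)   # trim padding
                # Keep DNS entries; skip IP Address:, email:, URI:, ...
                if (entry ~ /^DNS:/) print substr(entry, 5)
            }
            in_san = 0
        }
    ' | LC_ALL=C sort -u
}

# Hypothetical wrapper: the same listing for a PEM certificate file.
san_dns_from_file() {
    openssl x509 -noout -text -in "$1" | san_dns_from_text
}

# Constructed sample of `openssl x509 -noout -text` output (not a real cert).
sample_cert_text() {
    cat <<'EOF'
        X509v3 extensions:
            X509v3 Name Constraints: 
                Permitted:
                  DNS:.internal.example
            X509v3 Subject Alternative Name: 
                DNS:www.example.com, DNS:example.com, IP Address:192.0.2.10, DNS:*.example.net, email:admin@example.com
EOF
}

# Demo on the constructed sample; .internal.example is not listed.
sample_cert_text | san_dns_from_text
```

The text dump is a display format, so treat the result as a listing for inspection rather than as input to hostname verification.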