How can I compare two SSL certificates?
Solution 1:
Packet capture clients using each on the wire. Use a tool that can do a bit of analysis on the conversations like Wireshark. Or get fancy and use wire data analytics products like ExtraHop, Dynatrace, or LANGuardian. The advantage here is that you see the actual TLS implementations in use. Not likely that one of the implementations is broken, but it is possible.
For looking at certs, OpenSSL is not the only game in town, any operating system you might use a cert on will have utilities to query them. The PowerShell pki module is neat because you can filter by or look at any or all properties.
Solution 2:
Openssl provides a tool to decode them:
openssl x509 -text -in bla.pem
You could subsequently use vimdiff
to compare them, or any other diffing tool.
One guess is that if you included the proper domain names, did you also include them as 'subject alternative name'?