Listing domains on a UCC/SAN SSL Certificate

Solution 1:

openssl x509 -text < foo.crt should do the trick.

Solution 2:

You can list the domains with this command (tested on linux):

cat cert.pem | openssl x509 -text | grep DNS

Solution 3:

If you just want to see the SANs, grep DNS: is the obvious solution.

If you want to have a cleaner list to process further, you can use this Perl regex to extract just the names : @names=/\sDNS:([^\s,]+)/g

For example:

true | openssl s_client -connect 2>/dev/null \
| openssl x509 -noout -text \
| perl -l -0777 -ne '@names=/\bDNS:([^\s,]+)/g; print join("\n", sort @names);'

Which would output this:

So you could pipe that to while read name; do echo "processing $name ..."; done etc.

Or for a comma-separated list on one line, replace join("\n", with join(",",

(The -0777 switch for perl makes it read the whole input at once instead of line by line)