Openssl: enhancement request -- display Subject Alternative Name

Created on 14 Jul 2017  路  4Comments  路  Source: openssl/openssl

Greetings. It's possible that I have no idea what I'm talking about, so bear with me and please be kind.

openssl has the x509 command to (among other things) display information about a certificate; for example

$ openssl x509 -in mycert.pem -noout -dates
notBefore=Jun 30 11:47:03 2017 GMT
notAfter=Jun 30 11:47:03 2020 GMT

However, as far as I can tell, there is no option to specify the "X509v3 Extensions" or any specific extension. You can view them by disabling everything else, such as

$ openssl x509 -in mycert.pem -noout -text -certopt no_subject,no_header,no_version,no_serial,[...]

but that gets long and ugly.

The point being... it's my understanding that the "Subject Alternative Name" is becoming a very important value in the certificate. Even though it is buried inside the X509v3 Extensions, it would be very nice if the openssl x509 command had an option to easily display the SAN like it does with the subject or dates.

Thank you for your consideration.

picture hymie0

Most helpful comment

Relevant PR for this issue has been merged, this issue can be closed

picture nickthetait on 3 Jan 2018
👍2

All 4 comments

yes, that would be useful to have.
no plans to do it, although a PR would be useful.

richsalz picture richsalz on 15 Jul 2017

I agree that it would be useful. PR welcome ;-)

levitte picture levitte on 15 Jul 2017

I've made a proposal to resolve this.

openssl x509 -ext subjectAltName ...

InfoHunter picture InfoHunter on 25 Jul 2017
👍2

Relevant PR for this issue has been merged, this issue can be closed

nickthetait picture nickthetait on 3 Jan 2018
👍2
Was this page helpful?
0 / 5 - 0 ratings

Related issues

mattcaswell picture mattcaswell  路  4Comments
vishal307 picture vishal307  路  3Comments
Legends picture Legends  路  3Comments
evqna picture evqna  路  4Comments
sanjibbaral435 picture sanjibbaral435  路  3Comments