often cert files (in PEM) format contain multiple certs like:
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
.....
-----END CERTIFICATE-----with the command:openssl x509 -in cert.pem -noout -text I can see the first entry.
Is there any built-in way to display the second entry or all entries.
Is there any simple way to view all entries?
What I'm really interested in are: C, ST, O, OU, CN, of subject, the issuer and the subject's validity dates
2 Answers
The postHow to view all ssl certificates in a bundle?suggests several possibilities:
openssl crl2pkcs7 -nocrl -certfile CHAINED.pem | openssl pkcs7 -print_certs -text -noout
openssl crl2pkcs7 -nocrl -certfile CHAINED.pem | openssl pkcs7 -print_certs -noout (gives shorter output)
keytool -printcert -v -file <certs.crt>The post contains more variations when using Perl, bash, awk and other utilities.
1I would suggest a non-OpenSSL tool: another popular TLS stack, GnuTLS, has a similar certtool program which produces output in the same format.
certtool -i < multiplecerts.pem(They do differ in some small details, such as decoding of less-common certificate extensions.)
2
