Linux: Get Subject Alternative Name (SAN) from SSL Certificate

Objective: Get, dump or display the Subject Alternative Name (SAN) field from SSL certificate.

To print the SAN field from Google’s SSL certificate, use the following command syntax.

$ echo|openssl s_client -connect google.com:443 2>/dev/null | openssl x509 -noout -text | grep "Subject Alternative Name" -A2 | grep -Eo "DNS:[a-zA-Z 0-9.*-]*" |  sed "s/DNS://g" 
*.google.com
*.android.com
*.appengine.google.com
*.cloud.google.com
*.google-analytics.com
*.youtube.com
android.com
google-analytics.com
google.com
youtube.com
...
[output truncated]

*.google.com

*.android.com

*.appengine.google.com

*.cloud.google.com

*.google-analytics.com

*.youtube.com

android.com

google-analytics.com

google.com

youtube.com

...

[output truncated]

Each DNS host in the SAN field will be printed on a separate line. The command uses extended grep and it has only been tested to be working on Linux.

If you would like to print the SAN field from a certificate file, use the following syntax.

$ openssl x509 -in /path/to/cert.pem -noout -text | grep "Subject Alternative Name" -A2 | grep -Eo "DNS:[a-zA-Z 0-9.*-]*" | sed "s/DNS://g"
*.example.com
example.com

$ openssl x509 -in /path/to/cert.pem -noout -text | grep "Subject Alternative Name" -A2 | grep -Eo "DNS:[a-zA-Z 0-9.*-]*" | sed "s/DNS://g"

*.example.com

example.com

The cert.pem is the input certificate file from which the SAN field has to be dumped.

Mohamed Ibrahim

ibrahim = { interested_in(unix, linux, android, open_source, reverse_engineering); coding(c, shell, php, python, java, javascript, nodejs, react); plays_on(xbox, ps4); linux_desktop_user(true); }