Print SAN domains of a certificate

Published: by

  • Categories:

Since I'm interested in a bit of awk, I'm forcing this in my daily workflow. Today, I was looking for a oneliner to list the SAN domains of a certificate (via openssl output) and didn't really see a nice and concise answer.

echo | openssl s_client -connect 2>&1 | openssl x509 -noout -text |  awk -F, -v OFS="\n" '/DNS:/{gsub(/ *DNS:/, ""); $1=$1; print $0}'
  • -connect Connects to remote endpoint on port 443.
  • -noout -text: Suppress all output, print -text
  • -F,: Field separator is ,
  • -v OFS="\n": Output field separator is newline.
  • /DNS:/: Matches only lines that match the pattern DNS:
  • {gsub(/ *DNS:/, "")} Replaces all instances of ` *DNS:` to empty string.
  • $1=$1: Sets all fields to a newline
  • print $0: Prints the full line