如何显示证书的主题备用名称? [英] How to display the Subject Alternative Name of a certificate?

问题描述

我找到的最接近的答案是使用grep".

The closest answer that I found is using "grep".

> openssl x509 -text -noout -in cert.pem | grep DNS

有没有更好的方法来做到这一点?我只喜欢命令行.

Is there better way to do this? I only prefer command line.

谢谢.

推荐答案

请注意，您可以通过添加以下选项将 -text 的输出限制为仅扩展名:

Note that you can limit the output of -text to just the extensions by adding the following option:

-certopt no_subject,no_header,no_version,no_serial,no_signame,no_validity,no_issuer,no_pubkey,no_sigdump,no_aux

即:

openssl x509 -text -noout -in cert.pem \
  -certopt no_subject,no_header,no_version,no_serial,no_signame,no_validity,no_issuer,no_pubkey,no_sigdump,no_aux

但是，您仍然需要应用一些文本解析逻辑来获取主题备用名称.

However, you'll still need to apply some text parsing logic to get just the Subject Alternative Name.

如果这还不够，我认为您需要编写一个小程序，使用 openssl 库来提取您要查找的特定字段.下面是一些演示如何解析证书的示例程序，包括提取扩展字段，例如 Subject Alternative Name:

If that isn't sufficient, I think you'll need to write a small program that uses the openssl library to extract the specific field you are looking for. Here are some example programs that show how to parse a cert, including extracting extension fields such as Subject Alternative Name:

https://zakird.com/2013/10/13/证书解析与openssl

请注意，如果您走编程路线，则不必使用 openssl 和 C……您可以选择自己喜欢的语言和 ASN.1 解析器库，然后使用它们.例如，在 Java 中，您可以使用 http://jac-asn1.sourceforge.net/，以及许多其他人.

Note that you don't have to use openssl and C if you go the programming route... you can pick your favorite language and ASN.1 parser library, and use that. For example, in Java, you could use http://jac-asn1.sourceforge.net/, and many others.

这篇关于如何显示证书的主题备用名称?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！