如何显示证书的主题备用名称? [英] How to display the Subject Alternative Name of a certificate?
问题描述
我找到的最接近的答案是使用grep".
The closest answer that I found is using "grep".
> openssl x509 -text -noout -in cert.pem | grep DNS
有没有更好的方法来做到这一点?我只喜欢命令行.
Is there better way to do this? I only prefer command line.
谢谢.
推荐答案
请注意,您可以通过添加以下选项将 -text
的输出限制为仅扩展名:
Note that you can limit the output of -text
to just the extensions by adding the following option:
-certopt no_subject,no_header,no_version,no_serial,no_signame,no_validity,no_issuer,no_pubkey,no_sigdump,no_aux
即:
openssl x509 -text -noout -in cert.pem \
-certopt no_subject,no_header,no_version,no_serial,no_signame,no_validity,no_issuer,no_pubkey,no_sigdump,no_aux
但是,您仍然需要应用一些文本解析逻辑来获取主题备用名称
.
However, you'll still need to apply some text parsing logic to get just the Subject Alternative Name
.
如果这还不够,我认为您需要编写一个小程序,使用 openssl 库来提取您要查找的特定字段.下面是一些演示如何解析证书的示例程序,包括提取扩展字段,例如 Subject Alternative Name
:
If that isn't sufficient, I think you'll need to write a small program that uses the openssl library to extract the specific field you are looking for. Here are some example programs that show how to parse a cert, including extracting extension fields such as Subject Alternative Name
:
https://zakird.com/2013/10/13/证书解析与openssl
请注意,如果您走编程路线,则不必使用 openssl 和 C……您可以选择自己喜欢的语言和 ASN.1
解析器库,然后使用它们.例如,在 Java 中,您可以使用 http://jac-asn1.sourceforge.net/,以及许多其他人.
Note that you don't have to use openssl and C if you go the programming route... you can pick your favorite language and ASN.1
parser library, and use that. For example, in Java, you could use http://jac-asn1.sourceforge.net/, and many others.
这篇关于如何显示证书的主题备用名称?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!