Linux: Get Subject Alternative Name (SAN) from SSL Certificate

Objective: Get, dump or display the Subject Alternative Name (SAN) field from SSL certificate.

To print the SAN field from Google’s SSL certificate, use the following command syntax.

$ echo|openssl s_client -connect google.com:443 2>/dev/null | openssl x509 -noout -text | grep "Subject Alternative Name" -A2 | grep -Eo "DNS:[a-zA-Z 0-9.*-]*" |  sed "s/DNS://g" 
*.google.com
*.android.com
*.appengine.google.com
*.cloud.google.com
*.google-analytics.com
*.youtube.com
android.com
google-analytics.com
google.com
youtube.com
...
[output truncated]

Each DNS host in the SAN field will be printed on a separate line. The command uses extended grep and it has only been tested to be working on Linux.

If you would like to print the SAN field from a certificate file, use the following syntax.

$ openssl x509 -in /path/to/cert.pem -noout -text | grep "Subject Alternative Name" -A2 | grep -Eo "DNS:[a-zA-Z 0-9.*-]*" | sed "s/DNS://g"
*.example.com
example.com

The cert.pem is the input certificate file from which the SAN field has to be dumped.

Ibrahim is a technology enthusiast with a keen interest in *NIX (Unix, Linux) systems, Android, open source and other tech related stuff. When his cpu load is low, you can probably find him online playing on his Xbox or PlayStation.