9

often cert files (in PEM) format contain multiple certs like:

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
.....
-----END CERTIFICATE-----

with the command: openssl x509 -in cert.pem -noout -text I can see the first entry.

Is there any built-in way to display the second entry or all entries.

Is there any simple way to view all entries?

What I'm really interested in are: C, ST, O, OU, CN, of subject, the issuer and the subject's validity dates

gelonida
  • 303
  • 1
  • 3
  • 16

2 Answers2

13

The post How to view all ssl certificates in a bundle? suggests several possibilities:

openssl crl2pkcs7 -nocrl -certfile CHAINED.pem | openssl pkcs7 -print_certs -text -noout
openssl crl2pkcs7 -nocrl -certfile CHAINED.pem | openssl pkcs7 -print_certs -noout (gives shorter output)
keytool -printcert -v -file <certs.crt>

The post contains more variations when using Perl, bash, awk and other utilities.

harrymc
  • 455,459
  • 31
  • 526
  • 924
4

I would suggest a non-OpenSSL tool: another popular TLS stack, GnuTLS, has a similar certtool program which produces output in the same format.

certtool -i < multiplecerts.pem

(They do differ in some small details, such as decoding of less-common certificate extensions.)

u1686_grawity
  • 426,297
  • 64
  • 894
  • 966
  • Indeed this helps. Will wait a little to see whether there are other answers, but this one will do for my tasks. I rephrased the title accordingly (replaced "with openssl" with "with openssl or another command" – gelonida Nov 04 '20 at 15:09
  • I makrjed the other answer as solutions as there are multiple suggestions. However for my personal usage I will use `certtool` – gelonida Nov 05 '20 at 08:55