21

Often cert files (in PEM format) contain multiple certs, like:

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
.....
-----END CERTIFICATE-----

With the command openssl x509 -in cert.pem -noout -text I can see the first entry.

Is there any built-in way to display the second entry or all entries?

Is there any simple way to view all entries?

What I'm really interested in are: C, ST, O, OU, CN of the subject, the issuer and the subject's validity dates.

gelonida
  • 455

3 Answers

27

The post How to view all ssl certificates in a bundle? suggests several possibilities:

openssl crl2pkcs7 -nocrl -certfile CHAINED.pem | openssl pkcs7 -print_certs -text -noout
openssl crl2pkcs7 -nocrl -certfile CHAINED.pem | openssl pkcs7 -print_certs -noout (gives shorter output)
keytool -printcert -v -file <certs.crt>

The post contains more variations when using Perl, bash, awk and other utilities.

harrymc
  • 498,455
9

I would suggest a non-OpenSSL tool: another popular TLS stack, GnuTLS, has a similar certtool program which produces output in the same format.

certtool -i < multiplecerts.pem

(They do differ in some small details, such as decoding of less-common certificate extensions.)

grawity
  • 501,077
1

I know this is old, but I found my way here looking to get the subject, validity dates, and issuer from a certificate chain in PEM format that contained quite a few commented-out lines.

So, on RHEL7 running bash 4.2.46 here's the solution I settled on after extensively reading through the sed documentation over at GNU.org: sed multiline techniques

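# The first base64 line after each BEGIN marker identifies that certificate block
for CULPRIT in $(sed -n '/^-----BEGIN.*CERTIFICATE-----/{n;p}' CHAIN-FILE-NAME); do
    # Escape "/" so the line can be used inside a sed /.../ address
    VICTIM="$(printf '%s' "${CULPRIT}" | sed -e 's,\/,\\\/,g')"
    # Keep only the blank-line-delimited paragraph containing that line and pass it to openssl
    sed -e '/./{H;$!d;}' -e 'x;/'"${VICTIM}"'/!d' CHAIN-FILE-NAME | openssl x509 -subject -dates -issuer -noout
done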
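
An added example, not from the question or any answer above: a POSIX shell function that hands each certificate block in a bundle to its own `openssl x509` run, so subject, issuer and validity dates are printed for every entry and comment lines between blocks are ignored. The function names (`pem_each`, `show_bundle`, `sample_bundle`) and the placeholder bundle are constructed for illustration.

```shell
#!/bin/sh
# Added example: run one command per certificate in a PEM bundle.

# pem_each FILE CMD
#   Feeds every BEGIN/END CERTIFICATE block in FILE to its own run of CMD
#   on stdin. Comment lines and other text outside the markers are dropped.
pem_each() {
    awk -v cmd="$2" '
        /^-----BEGIN CERTIFICATE-----/ { inside = 1 }
        inside                         { print | cmd }
        /^-----END CERTIFICATE-----/   { inside = 0; close(cmd) }
    ' "$1"
}

# show_bundle FILE
#   Subject, issuer and validity dates for each certificate, in file order.
show_bundle() {
    pem_each "$1" 'openssl x509 -noout -subject -issuer -dates'
}

# sample_bundle
#   Constructed input for exercising pem_each only: the bodies are
#   placeholders, not real certificates, so openssl would reject them.
sample_bundle() {
    cat <<'EOF'
# leaf (constructed comment line)
-----BEGIN CERTIFICATE-----
CONSTRUCTEDPLACEHOLDERLEAF==
-----END CERTIFICATE-----

# intermediate (constructed comment line)
-----BEGIN CERTIFICATE-----
CONSTRUCTEDPLACEHOLDERINTERMEDIATE
CONSTRUCTEDPLACEHOLDERTAIL==
-----END CERTIFICATE-----
EOF
}
```

On a real bundle, `show_bundle FILE` prints one subject/issuer/notBefore/notAfter group per certificate, in the order the certificates appear in the file.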