Yes, you find and extract the common name (CN) from the certificate using openssl command itself.
What is the Common Name?
The common name (CN) is nothing but the computer/server name associated with your SSL certificate. For example, www.cyberciti.biz or cyberciti.biz or *.cyberciti.biz is CN for this website. The CN usually indicate the host/server/name protected by the SSL certificate. Your SSL certificate is valid only if hostname matches the CN. Your browser can display the CN:
Fig.01: Example of host name and CN match giving out green icon
How do I get common name (CN) from SSL certificate?
The syntax is:
openssl x509 -noout -subject -in your-file.pem
openssl x509 -noout -subject -in exmaple.com.cer
openssl x509 -noout -subject -in /etc/ssl/exmaple.com.cer
For example:
$ openssl x509 -noout -subject -in /etc/ssl/glusterfs.pem
Sample outputs:
subject= /CN=gfs01
Another example:
$ openssl x509 -noout -subject -in /etc/ssl/cyberciti.biz.crt
Sample outputs:
subject= /CN=www.cyberciti.biz
Say hello to certtool command
You can install certtool using the gnutls-bin package on Debian or Ubuntu Linux. Type the following apt-get command/apt command:
$ sudo apt install gnutls-bin
Sample outputs:
Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: libopts25 The following NEW packages will be installed: gnutls-bin libopts25 0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded. Need to get 250 kB of archives. After this operation, 990 kB of additional disk space will be used. Do you want to continue? [Y/n] y Get:1 http://mirrors.linode.com/ubuntu xenial/main amd64 libopts25 amd64 1:5.18.7-3 [57.8 kB] Get:2 http://mirrors.linode.com/ubuntu xenial-updates/universe amd64 gnutls-bin amd64 3.4.10-4ubuntu1.2 [192 kB] Fetched 250 kB in 0s (14.3 MB/s) Selecting previously unselected package libopts25:amd64. (Reading database ... 34082 files and directories currently installed.) Preparing to unpack .../libopts25_1%3a5.18.7-3_amd64.deb ... Unpacking libopts25:amd64 (1:5.18.7-3) ... Selecting previously unselected package gnutls-bin. Preparing to unpack .../gnutls-bin_3.4.10-4ubuntu1.2_amd64.deb ... Unpacking gnutls-bin (3.4.10-4ubuntu1.2) ... Processing triggers for libc-bin (2.23-0ubuntu5) ... Processing triggers for man-db (2.7.5-1) ... Setting up libopts25:amd64 (1:5.18.7-3) ... Setting up gnutls-bin (3.4.10-4ubuntu1.2) ... Processing triggers for libc-bin (2.23-0ubuntu5) ...
Now run command as follows:
$ certtool -i < your-file.pem
$ certtool -i < /etc/ssl/cyberciti.biz.crt | more
Sample outputs:
X.509 Certificate Information:
Version: 3
Serial Number (hex): 03bb567f2ab8cd904f4168e159115389351b
Issuer: C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3
Validity:
Not Before: Sat Mar 04 23:01:00 UTC 2017
Not After: Fri Jun 02 23:01:00 UTC 2017
Subject: CN=www.cyberciti.biz
Subject Public Key Algorithm: RSA
Algorithm Security Level: High (4096 bits)
.....
..
..
And there you have it, either use the openssl or certtool command to find out the common name (CN) from your SSL certificate.
🐧 Get the latest tutorials on Linux, Open Source & DevOps via:
- RSS feed or Weekly email newsletter
- Share on Twitter • Facebook • 1 comment... add one ↓
Category | List of Unix and Linux commands |
---|---|
File Management | cat |
Firewall | Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
Network Utilities | dig • host • ip • nmap |
OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
Package Manager | apk • apt |
Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
Searching | grep • whereis • which |
User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
WireGuard VPN | Alpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |
Awesome site even though I’ve been using Linux for years, thanks! Keep it up!
Anyway, for SSL troubleshooting I ran across this tool on sourcefore the other day which can handle most tasks including the common name. http://portecle.sourceforge.net/ Hope this helps, I found it very helpful for examining, generating, and importing certificates anywhere!