How to get certificate common name from PEM file
Various articles online have lead me to believe that a server
certificate's common name must be an exact match to the root URL it is
valid for. However, when I look at a bunch of the files in /etc/ssl/certs,
via the command openssl x509 -inform PEM -in <certfile.pem> -text, I see
that the CN value is generally a human readable description of the site
(e.g. "Google Internet Authority"), not a domain name. In fact, I can't
see anything in any of the files that looks like a domain name or ip
address, either in them or in the output from openssl s_client -connect
<ip>.
So, is my understanding of 'common name' incorrect? How do I retrieve the
url from the certificate, for which the certificate is valid?
No comments:
Post a Comment