CN (Common Name) identifies a single domain in an SSL/TLS certificate. It could be name with wildcard symbols. While SAN (Subject Alternative Name) can provide list multiple different domain names and subdomains on one certificate. Modern web browsers can read and utilize the Subject Alternative Name. .Net and openssl API can also extract SAN information from certificate. Below presented example how to retrieve SAN data from server certificate:
|
$ echo | openssl s_client -connect ladydebug.com:443 2>/dev/null | openssl x509 -noout -text | grep -A1 'Subject Alternative Name' X509v3 Subject Alternative Name: DNS:*.ladydebu.mywhc.ca, DNS:cpanel.ladydebug.com, DNS:cpcalendars.ladydebug.com, DNS:cpcontacts.ladydebug.com, DNS:ladydebu.mywhc.ca, DNS:ladydebug.com, DNS:mail.ladydebug.com, DNS:webdisk.ladydebug.com, DNS:webmail.ladydebug.com, DNS:www.ladydebug.com |
or
|
$ echo | openssl s_client -connect ladydebug.com:443 2>/dev/null | openssl x509 -noout -ext subjectAltName X509v3 Subject Alternative Name: DNS:*.ladydebu.mywhc.ca, DNS:cpanel.ladydebug.com, DNS:cpcalendars.ladydebug.com, DNS:cpcontacts.ladydebug.com, DNS:ladydebu.mywhc.ca, DNS:ladydebug.com, DNS:mail.ladydebug.com, DNS:webdisk.ladydebug.com, DNS:webmail.ladydebug.com, DNS:www.ladydebug.com |