I have a list of internal IP addresses 1000+ strong, most of which I suspect are running services on port 443 and therefore will have a certificate installed on the server. These IPs all exist on three separate /24 subnets. My goal is to find out which are using a specific wildcard cert so I know to include that server on our list of devices that we'll need to renew the certificate on when it expires.
I don't have hostnames for these IPs as most are devices that won't resolve like firewalls/switches but will still have a certificate installed somewhere (I think).
So far I've tried a few variations of the below, but openssl can't seem to accept CIDR format or IP ranges.
openssl s_client -showcerts -connect 10.x.x.x/24:443 </dev/null
Our wildcard certificate that's used widely across our internal server estate is due to expire soon and we need to ascertain on which servers it is being used.
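One way to do the inventory described in the question, as an added example that is not part of the original post: `openssl s_client -connect` takes a single host:port, so this Python sketch expands each CIDR block itself, reads the leaf certificate from every address on port 443 and compares its SHA-256 fingerprint with the wildcard certificate's. The function names are made up for this example, and the reference fingerprint is assumed to come from `openssl x509 -in wildcard.pem -noout -fingerprint -sha256`, where `wildcard.pem` is a placeholder file name.

```python
import hashlib, ipaddress, socket, ssl, sys
from concurrent.futures import ThreadPoolExecutor

def normalize_fp(fp):
    """Reduce 'sha256 Fingerprint=AB:CD:..' or 'AB:CD:..' to lowercase hex."""
    return fp.split("=")[-1].replace(":", "").replace(" ", "").strip().lower()

def expand_targets(cidrs):
    """Expand CIDR blocks into host addresses (network/broadcast excluded)."""
    return [str(ip) for c in cidrs
            for ip in ipaddress.ip_network(c, strict=False).hosts()]

def leaf_fingerprint(host, port=443, timeout=3.0):
    """SHA-256 hex of the served leaf certificate, or None if no TLS answer."""
    ctx = ssl.create_default_context()
    # No hostnames are known and the goal is only to read the certificate,
    # not to trust the connection, so validation is switched off here.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock) as tls:
                der = tls.getpeercert(binary_form=True)
                return hashlib.sha256(der).hexdigest()
    except OSError:  # refused, timed out, or TLS handshake failed
        return None

def find_matches(results, wanted_fp):
    """Hosts whose fingerprint equals the wanted one, in address order."""
    wanted = normalize_fp(wanted_fp)
    hits = [h for h, fp in results.items() if fp == wanted]
    return sorted(hits, key=ipaddress.ip_address)

def scan(cidrs, wanted_fp, workers=64):
    """Probe every host in the given blocks concurrently and return matches."""
    hosts = expand_targets(cidrs)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = dict(zip(hosts, pool.map(leaf_fingerprint, hosts)))
    return find_matches(results, wanted_fp)

if __name__ == "__main__":
    # usage: python3 find_cert.py <sha256-fingerprint> <cidr> [<cidr> ...]
    for host in scan(sys.argv[2:], sys.argv[1]):
        print(host)
```

Because the connection is made by IP, no SNI name is sent, so a server that selects its certificate by SNI returns only its default certificate. Devices that accept only TLS versions older than Python's defaults fail the handshake and are reported as no match.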