Got the cert from a domain in my AWS account, the cert is issued by AWS ACM:
aws acm get-certificate --certificate-arn arn:aws:acm:us-east-1:...:certificate/... --query CertificateChain | jq . -r > ca.pem
There are 3 items in that file. I would like to get the issuer and subject for each item in that file. I found the following on the web, and it works ok:
$ openssl crl2pkcs7 -nocrl -certfile ca.pem | openssl pkcs7 -print_certs -noout
subject=C = US, O = Amazon, OU = Server CA 1B, CN = Amazon
issuer=C = US, O = Amazon, CN = Amazon Root CA 1
subject=C = US, O = Amazon, CN = Amazon Root CA 1
issuer=C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2
subject=C = US, ST = Arizona, L = Scottsdale, O = "Starfield Technologies, Inc.", CN = Starfield Services Root Certificate Authority - G2
issuer=C = US, O = "Starfield Technologies, Inc.", OU = Starfield Class 2 Certification Authority
But, seriously? There is no way to remember this unless you work with that stuff every day. Surely there is something simpler? Another command available on Ubuntu, or maybe a library in Python or Go, or something? anything to make basic cert management simpler than openssl would be much appreciated.
