Certificate Management | openssl Commands to Get Field Data From an SSL Certificate File for Populating the Template to Bulk Upload CertificatesSummary<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } This article contains openssl commands that can be run against an exported SSL Certificate file to get the values needed from the certificate to be populated to the cmdb_ci_certificate.xlsx template downloaded from the Bulk Upload Certificates module within the Certificate Management application on ServiceNow instances. The Documentation on Uploading Certificates in Bulk assumes the implementer already knows what exactly should be migrated from a certificate and only provides the field names on the template/cmdb_ci_certificate table. To help customers that may not be sure what to populate from the certificate to the template, these are one to one commands that will return only a single value from the certificate for the single corresponding field on the template that it maps to like below example output. 19BEBA7BBDFB15B7FD24C04BE0AE2EF9131BC702 Optionally, to speed up the process, the last command is a one liner command that will print out all of the available values from the certificate and the template fields they map to in one go. Facts<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } Release<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } All Instructions<!-- /*NS Branding Styles*/ --> .ns-kb-css-body-editor-container { p { font-size: 12pt; font-family: Lato; color: #000000; } span { font-size: 12pt; font-family: Lato; color: #000000; } h2 { font-size: 24pt; font-family: Lato; color: black; } h3 { font-size: 18pt; font-family: Lato; color: black; } h4 { font-size: 14pt; font-family: Lato; color: black; } a { font-size: 12pt; font-family: Lato; color: #00718F; } a:hover { font-size: 12pt; color: #024F69; } a:target { font-size: 12pt; color: #032D42; } a:visited { font-size: 12pt; color: #00718f; } ul { font-size: 12pt; font-family: Lato; } li { font-size: 12pt; font-family: Lato; } img { display: ; max-width: ; width: ; height: ; } } I. One to One Field Mapping Commands The below list of openssl commands will each return the indicated field value from an SSL Certificate file. 1. Replace <full_path_to_certificate_file> in each command with the full path to the SSL Certificate file. 2. Then run the command in a Unix/Linux terminal. version: openssl x509 -in "<full_path_to_certificate_file>" -noout -text | grep -i 'Version:' | sed 's/ (0x.*)//'| awk -F'Version:' '{print $2}' valid_from: openssl x509 -in "<full_path_to_certificate_file>" -noout -startdate | awk -F'notBefore=' '{print $2}' ** Important: This returns the time in MM/DD/YY HH:MM:SS format and has to be converted to time in milliseconds using any online Unix Epoch Time converter tool. valid_to: openssl x509 -in "<full_path_to_certificate_file>" -noout -enddate | awk -F'notAfter=' '{print $2}' ** Important: This returns the time in MM/DD/YY HH:MM:SS format and has to be converted to time in milliseconds using any online Unix Epoch Time converter tool. serial_number: openssl x509 -in "<full_path_to_certificate_file>" -noout -serial | awk -F'serial=' '{print $2}' subject_distinguished_name: openssl x509 -in "<full_path_to_certificate_file>" -noout -subject | awk -F'subject= /' '{print $2}' | sed 's/\//,/g' subject_common_name: openssl x509 -in "<full_path_to_certificate_file>" -noout -subject -nameopt multiline | grep -i "commonName" | awk -F'=' '{print $2}' subject_organization: openssl x509 -in "<full_path_to_certificate_file>" -noout -subject -nameopt multiline | grep -i "organizationName" | awk -F'=' '{print $2}' subject_organizational_unit: openssl x509 -in "<full_path_to_certificate_file>" -noout -subject -nameopt multiline | grep -i "organizationalUnitName" | awk -F'=' '{print $2}' subject_email: openssl x509 -in "<full_path_to_certificate_file>" -noout -subject -nameopt multiline | grep -i "emailAddress" | awk -F'=' '{print $2}' subject_country: openssl x509 -in "<full_path_to_certificate_file>" -noout -subject -nameopt multiline | grep -i "countryName" | awk -F'=' '{print $2}' subject_state: openssl x509 -in "<full_path_to_certificate_file>" -noout -subject -nameopt multiline | grep -i "stateOrProvinceName" | awk -F'=' '{print $2}' subject_locality: openssl x509 -in "<full_path_to_certificate_file>" -noout -subject -nameopt multiline | grep -i "localityName" | awk -F'=' '{print $2}' subject_alternative_name: openssl x509 -in "<full_path_to_certificate_file>" -noout -text | grep -i -A 1 "Subject Alternative Name" | awk -F'=' '{print $2}' issuer_distinguished_name: openssl x509 -in "<full_path_to_certificate_file>" -noout -issuer | awk -F'issuer= /' '{print $2}' | sed 's/\//,/g' issuer_common_name: openssl x509 -in "<full_path_to_certificate_file>" -noout -issuer -nameopt multiline | grep -i "commonName" | awk -F'=' '{print $2}' fingerprint: openssl x509 -in "<full_path_to_certificate_file>" -noout -fingerprint | awk -F'=' '{print $2}' | sed 's/:/ /g' fingerprint_algorithm: openssl x509 -in "<full_path_to_certificate_file>" -noout -fingerprint | awk '{print $1}' key_size: openssl x509 -in "<full_path_to_certificate_file>" -noout -text | grep -i "RSA Public.Key:" | awk -F'Public-Key:' '{print $2}' | sed 's/[^0-9]//g' signature_algorithm: openssl x509 -in "<full_path_to_certificate_file>" -noout -text | grep -i -m 1 "Signature Algorithm:" | awk -F'Signature Algorithm:' '{print $2}' is_ca: openssl x509 -in "<full_path_to_certificate_file>" -noout -text | grep "CA:" | awk -F'CA:' '{print $2}' II. One Liner Command to Get All Certificate Field Values at once 1. Replace <full_path_to_certificate_file> at the beginning of this command with the full path to the SSL Certificate file. 2. Run it as a single line command in a Unix/Linux terminal. PEMPATH="<full_path_to_certificate_file>";openssl x509 -in $PEMPATH -text -noout -fingerprint | grep "Version:\|Signature Algorithm:\|Issuer:\|Not Before\|Not After\|Subject:\|RSA Public.Key:\|CA:\|Fingerprint";openssl x509 -in $PEMPATH -text -noout | grep -A1 "Serial Number\|Subject Alternative"