How to feel old, part 29459... featuring 8 year old OpenSSL commands

For 3+ decades I have used OpenSSL to decode SSL/TLS certificates with something like:

openssl x509 -noout -text -in cert.pem

One of the big issue with this is cert chains, where there are multiple certs in the PEM file. OpenSSL will only show one of them. Awk, csplit, etc can all do this as well but it was always mildly frustrating. I just discovered during an unrelated search that there is a "new" command in OpenSSL called "storeutl".

I say new because it was introduced in 2018. Wow. How to feel old. If you instead use:

openssl storeutl -noout -text cert.pem

(note no -in ) you'll get the output of all of them. Grep for the fields you want (no -certopt available) and you have all the certs in the list decoded without any complex work.