Hi @slart, I’ve never seen a way to do that. I just did a search and found that people have asked the same question on StackOverflow a number of times, and all of the answers appeared to suggest parsing the output from -text, or else writing a program to do it.
We do have logic in Certbot to do this from Python, and you can find it in
if you wanted to try to adapt it into a standalone Python program.
I also looked at certtool from GNUTLS, which sometimes has options that openssl doesn’t, but I didn’t see an easy way to do this with that program either.