Firstly, the .pem extension refers only to the type of encoding used in the file.
The common name can be a property of the subject or issuer of the certificate and can be recognized line by line
$ grep CERTIFICATE f.pem -----BEGIN CERTIFICATE----- -----END CERTIFICATE-----
and lots of base64 encoded text between them.
If the .pem file contains the x509 certificate , this should work:
openssl x509 -in cacert.pem -noout -text
This will reset the entire certificate. openssl x509 The command has several options for suppressing fields that you do not want to see. You can find those described in the man page under TEXT OPTIONS
You can also choose to display the "subject" of the certificate:
openssl x509 -in cacert.pem -noout -subject
Example:
Let's grab a stackoverflow.com certificate right from the server
$ : | openssl s_client -connect stackoverflow.com:443 > f.pem 2>& 1 && openssl x509 -in f.pem -noout -subject 2>& 1
Outputs:
Subject: CN = *.stackexchange.com