Long story short: Security scan raised a flag about a cert, found that it was an expired root on a cross-signed cert. Yadda yadda, updated intermediates, fixed issue.
However, I noticed that
openssl x509 -noout -text intermediate.crt only lists a single signature on the certificate, even though there are two. I’ve looked over the man page and I can’t find an option that prints additional signatures, and google searches are even less useful.
Is there a parser out there somewhere that will list all of the signatures on a certificate? I notice that Qualys enumerates and follows the various cert paths, but I’d prefer not to have to make prod changes to view certificate metadata.