Verify the certificate

You can inspect the certificates on each node to ensure that the names you added are present in the final output.

To inspect a certificate, execute the following command:

openssl x509 -in PATH_TO_CERT -ext subjectAltName -noout

Where PATH_TO_CERT is the certificate that you want to verify.

This command returns output similar to the following:

openssl x509 -in local_cert.pem -ext subjectAltName -noout

X509v3 Subject Alternative Name:
  DNS:localhost, DNS:ipv4-localhost, DNS:ipv6-localhost, DNS:cli.dc-1.consul, DNS:client.dc-1.consul,
  IP Address:, IP Address:, IP Address:0:0:0:0:0:0:0:1, IP Address:

The list of names and IP addresses should match those that you added in Step 2: Create the local signature config file.