diff --git a/include/ircd/openssl.h b/include/ircd/openssl.h
index 194fd5e49..0c555b036 100644
--- a/include/ircd/openssl.h
+++ b/include/ircd/openssl.h
@@ -109,6 +109,7 @@ namespace ircd::openssl
 	string_view genX509(const mutable_buffer &out, EVP_PKEY &, const json::object &opts);
 	string_view genX509_rsa(const mutable_buffer &out, const json::object &opts);
 	string_view genX509_ec(const mutable_buffer &out, const json::object &opts);
+	string_view print_subject(const mutable_buffer &buf, const X509 &, ulong flags = -1);
 	string_view subject_common_name(const mutable_buffer &out, const X509 &);
 	const X509 &peer_cert(const SSL &);
 	X509 &peer_cert(SSL &);
diff --git a/ircd/openssl.cc b/ircd/openssl.cc
index ecff49dcd..941798ca9 100644
--- a/ircd/openssl.cc
+++ b/ircd/openssl.cc
@@ -373,6 +373,28 @@ ircd::openssl::subject_common_name(const mutable_buffer &out,
 	return { data(out), size_t(len) };
 }
 
+ircd::string_view
+ircd::openssl::print_subject(const mutable_buffer &buf,
+                             const X509 &cert,
+                             ulong flags)
+{
+	if(flags == ulong(-1))
+		flags = XN_FLAG_ONELINE;
+	else
+		flags = 0;
+
+	const X509_NAME *const subject
+	{
+		X509_get_subject_name(const_cast<X509 *>(&cert))
+	};
+
+	return bio::write(buf, [&subject, &flags]
+	(BIO *const &bio)
+	{
+		X509_NAME_print_ex(bio, const_cast<X509_NAME *>(subject), 0, flags);
+	});
+}
+
 ircd::string_view
 ircd::openssl::printX509(const mutable_buffer &buf,
                          const string_view &pem,