Perl version.  Cleaner?  No eval.  No >().  One line.  Relies on
read to fill the bash vars.  Uses Gilbert's just-one-filter-pass
idea.  Does the date transform at the very end in perl: would be
a sec hole if $e is injected with bad things.  Could easily fix
with setting the $e regex from . to [-.a-zA-Z0-9].  Could also
die in the END if !$e.

$ read SUBJ EXPD <<<$(openssl x509 -noout -text -in /etc/pki/tls/certs/tecnopolis.ca.crt | perl -ne '($e)=/^.*Not After : (.*)/ if !$e; ($s)=/^.*Subject: .*CN = (.*)/ if !$s; END { print $s." ".`date -d"$e" +%Y%b%d`}')
$ echo s=$SUBJ e=$EXPD
s=tecnopolis.ca e=2024Feb22

I like the perl approach because it has the least # of forks, and
really the sky is the limit for taint cleaning and sanity checks.
Plus I find it more readable than bash, and perl is highly
optimized for PCRE so should be pretty fast.  I also understand
perl's quoting intimately vs my general haze with bash.