[英]how to obtain SSL certificate information of a remote server in c#
i have to develop an application in c# to obtain SSL certificate information like expiry date, issued by, etc based on the DNS (say *.google.com) I provide so that if expiry date is near I can proactively handle it. 我必须在c#中开发一个应用程序,以获取基于我提供的DNS(例如* .google.com)发布的SSL证书信息,如有效期,以便如果到期日期临近,我可以主动处理它。 If i provide the DNS as *.google.com then i need to obtain the details of SSL ceritificate information of that domain. 如果我将DNS提供为* .google.com,那么我需要获取该域的SSL证书信息的详细信息。
I tried following http://awesomeideas.net/page/Cert-Expiry-Check.aspx , but i feel it is for certificates stored in local system. 我尝试了http://awesomeideas.net/page/Cert-Expiry-Check.aspx ,但我觉得它是存储在本地系统中的证书。 i also tried using HttpWebRequest to obtain the details of SSL certificate, but it required me to enter a valid URI which in my case is not availble. 我也尝试使用HttpWebRequest获取SSL证书的详细信息,但它要求我输入一个有效的URI,在我的情况下是不可用的。 i just have DNS name 我只有DNS名称
below is the code i used to obtain information using HttpWebRequest. 下面是我用HttpWebRequest获取信息的代码。 but it required me to enter valid URI of type https://*.domain.com 但它要求我输入https://*.domain.com类型的有效URI
Uri uri = new Uri(DNSEntry);
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(uri);
request.Method = WebRequestMethods.Http.Get;
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
X509Certificate cert1 = request.ServicePoint.Certificate;
X509Certificate2 cert = new X509Certificate2(cert1);
DateTime dtCertExpiry = Convert.ToDateTime(cert.NotAfter.ToString());
i tried using the following it is working fine : 我尝试使用以下它工作正常:
string strDNSEntry is the DNS for which you need the SSL string strDNSEntry是您需要SSL的DNS
public X509Certificate2 DownloadSslCertificate(string strDNSEntry)
{
X509Certificate2 cert = null;
using (TcpClient client = new TcpClient())
{
//ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;
client.Connect(strDNSEntry, 443);
SslStream ssl = new SslStream(client.GetStream(), false, new RemoteCertificateValidationCallback(ValidateServerCertificate), null);
try
{
ssl.AuthenticateAsClient(strDNSEntry);
}
catch (AuthenticationException e)
{
log.Debug(e.Message);
ssl.Close();
client.Close();
return cert;
}
catch (Exception e)
{
log.Debug(e.Message);
ssl.Close();
client.Close();
return cert;
}
cert = new X509Certificate2(ssl.RemoteCertificate);
ssl.Close();
client.Close();
return cert;
}
}
public static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
if (sslPolicyErrors == SslPolicyErrors.None)
return true;
Console.WriteLine("Certificate error: {0}", sslPolicyErrors);
// Do not allow this client to communicate with unauthenticated servers.
return false;
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.