stackoom
  简体   繁体   中英

obtain ssl certificate information - .net

 原文  2013-03-11 09:43:23       c#/ ssl-certificate

Question

i am looking to get the data from any given domain names SSL certificate. For example I want to put in any website address eg " http://stackoverflow.com " and my code would firstly check if an SSL certificate exists. If it does then I want it to pull out the expiry date of the certificate. [ i am reading Domainnames from DB ] Example : http://www.digicert.com/help/

i need to create a web service to check expiry date. how can i implement it?? - I have looked up loads of different things such as RequestCertificateValidationCallback and ClientCertificates etc. Since i am new to this, i am not sure what has to be done.

I could be completely wrong (hence why I need help) but would I create a HTTPWebRequest and then somehow request the client certificate and specific elements that way?

i tried the example provided @SSL certificate pre-fetch .NET , but i am getting forbitten 403 error.

Any help would be much appreciated - Thank you.

This is the code i have written which is throwing 403 forbidden error. 

        Uri u = new Uri("http://services.efi.com/");
        ServicePoint sp = ServicePointManager.FindServicePoint(u);

        string groupName = Guid.NewGuid().ToString();
        HttpWebRequest req = HttpWebRequest.Create(u) as HttpWebRequest;
        req.Accept = "*/*";
        req.ConnectionGroupName = groupName;

        using (WebResponse resp = req.GetResponse())
        {
            // Ignore response, and close the response.
        }
        sp.CloseConnectionGroup(groupName);

        // Implement favourite null check pattern here on sp.Certificate
        string expiryDate = sp.Certificate.GetExpirationDateString();

        string str = expiryDate;

3 answers

solution1
 6  2013-03-11 09:56:10

This works fine: 

namespace ConsoleApplication1
{
  using System;
  using System.Net;
  using System.Net.Security;
  using System.Security.Cryptography.X509Certificates;

  class Program
  {
    static void Main()
    {
      ServicePointManager.ServerCertificateValidationCallback += ServerCertificateValidationCallback;

      var request = WebRequest.Create("https://www.google.com");

      var response = request.GetResponse();

      Console.WriteLine("Done.");
      Console.ReadLine();

    }

    private static bool ServerCertificateValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
      Console.WriteLine("Certificate expires on " + certificate.GetExpirationDateString());

      return true;
    }
  }
}

solution2
 1 ACCPTED  2013-03-11 10:17:35

You are getting a "403 forbidden" status because that's what the server returns when you access that page. I see the same thing when I browse to that Uri using IE. This status indicates that you don't have permission to access the Url, so perhaps you should try your code on a page that you have access to.

Also, you're unlikely to see a certificate on a http connection - you might want to try https instead.

solution3
 1  2016-04-19 08:39:43

If you need to download the certificate: 

            //Do webrequest to get info on secure site
        var certName = "FileName";
        var url = "https://mail.google.com";
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
        HttpWebResponse response = (HttpWebResponse)request.GetResponse();
        response.Close();

        //retrieve the ssl cert and assign it to an X509Certificate object
        X509Certificate cert = request.ServicePoint.Certificate;

        //convert the X509Certificate to an X509Certificate2 object by passing it into the constructor
        X509Certificate2 cert2 = new X509Certificate2(cert);

        string cn = cert2.GetIssuerName();
        string cedate = cert2.GetExpirationDateString();
        string cpub = cert2.GetPublicKeyString();

        var path = Directory.GetCurrentDirectory() + string.Concat("\\", certName, ".der");
        byte[] certData = cert2.Export(X509ContentType.Cert);
        File.WriteAllBytes(path, certData);

        Console.WriteLine("cert2.GetIssuerName :{0}", cert2.GetIssuerName());
        Console.WriteLine("cert2.GetExpirationDateString :{0}", cert2.GetExpirationDateString());
        Console.WriteLine("cert2.GetPublicKeyString :{0}", cert2.GetPublicKeyString());

.cs Sample File : https://gist.github.com/thedom85/6db200104c075310527aaef63b172253

I also recommend this site : https://www.simple-talk.com/dotnet/.net-framework/tlsssl-and-.net-framework-4.0/

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question how to obtain SSL certificate information of a remote server in c# Obtain expiration date / details about a WCF ssl certificate from .net client get ssl certificate in .net Ignore SSL certificate in .Net Standard 2.0 .Net Core Connected Service with SSL Certificate Get detailed explanation for invalid SSL certificate (.NET) Certificate Authentication fails with SSL error in .Net only bypass invalid SSL certificate in .net core How to add SSl certificate to Kestrel in .Net core SSL certificate pre-fetch .NET
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM