1

I'd like to extract the current SSL certificate from the current browsing session, and read the properties.

I'd like to do this at the Browser, for content that is delivered from the server. I'm not looking for a 3rd party tool. A likely implementation would be to use Javascript and any invokable object that may be available (ActiveX / COM / CAPICOM?).

Does anyone know if this is possible using CAPICOM or any other control?

http://bozhobg.wordpress.com/2009/04/16/how-to-create-a-digital-signing-solution-with-only-javascript/

makerofthings7
  • 1
    Can you clarify the question? Are you looking for a tool you can use to connect to a server and get its SSL certificate? If yes, see the answer about OpenSSL below. Are you looking for some Javascript code a server can send to the browser, which can pull out the SSL certificate used on that connection? Are you looking for something that a web server or web application can use to extract the SSL certificate? If so, what server/platform are you using? – D.W. Jan 19 '11 at 07:06
  • 1
    To the best of my knowledge, CAPICOM has been discontinued, and is not very much supported. At least, that's what I remember from a few years ago - I'm looking for a link, but best I've found so far just points to "recommendations" to use .NET instead. – AviD Jan 20 '11 at 00:39
  • You might also find [this question](http://security.stackexchange.com/q/1034/33) helpful ;-). Actually, both questions really have the same purpose, don't they? Just trying a different technology to find the solution... – AviD Jan 20 '11 at 00:40
  • @AviD, yes they are very similar except for the Technology ;) – makerofthings7 Feb 10 '11 at 20:45

2 Answers

1

I have seen reference to adding certificates through CAPICOM usage. I haven't seen validating or checking one that is in use. I wouldn't want to use CAPICOM based on the fact that it's a 32-bit only solution according to the MSDN. Just my perspective, but I have a hard time wanting to dig any deeper when you are warned off of the API by the software manufacturer.

The other point that could make this difficult is that you are looking for the certificate in use, not a certificate in the store.

I did see that you don't want to depend on a particular product. Does this mean you don't want to use some browser specific function to try and grab the certificate? I would try browser specific functions first.

RobotHumans
0

Providing some more details may help in getting a solid answer.

I don't know about CAPICOM but you can extract the certificate with OpenSSL like so:

```
openssl s_client -connect www.website.com:443
```

This assumes you know the URL you are interested in.

PulpSpy
  • 1
    The issue is that I'd like to get the certificate, as seen by the web browser itself. Sometimes, say when debugging with Fiddler, the SSL cert is swapped out. I want to become aware of this... I think CAPICOM is the way, but I'm not sure how (yet) – makerofthings7 Jan 19 '11 at 02:33
  • 1
    I don't understand your comment. The OpenSSL solution listed here is a good one. Why does this answer fail to meet your needs? What happened when you tried it? Why do you think CAPICOM is the answer? You're more likely to get a useful answer if you can explain the constraints or what problem you're trying to solve. – D.W. Jan 19 '11 at 07:07
  • I am looking for: some Javascript code a server can send to the browser, which can pull out the SSL certificate used on that connection – makerofthings7 Jan 19 '11 at 20:16
  • @D.W. typically OpenSSL is not available to JavaScript on random clients... – AviD Jan 20 '11 at 00:37
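
Added example, not part of either answer or its comments: shell functions that build on the `openssl s_client` command above to pull out the leaf certificate and its SHA-256 fingerprint, so it can be compared with the fingerprint the browser's certificate viewer shows for the same site. A mismatch means the browser is being handed a different certificate, which is the Fiddler situation raised in the comments. The function names are hypothetical, and the fingerprint passed to `same_cert` is assumed to be copied by hand from the browser.

```shell
#!/bin/sh
# Added example: helper names (leaf_pem, cert_fingerprint, fetch_leaf,
# same_cert) are hypothetical, not from the original page.

# leaf_pem: read `openssl s_client` output on stdin and print only the first
# PEM certificate block, which is the leaf certificate the server presented.
leaf_pem() {
    awk '/-----BEGIN CERTIFICATE-----/ { on = 1 }
         on { print }
         /-----END CERTIFICATE-----/ { if (on) exit }'
}

# cert_fingerprint: read one PEM certificate on stdin and print its SHA-256
# fingerprint as colon-separated upper-case hex, without the label.
cert_fingerprint() {
    openssl x509 -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# fetch_leaf HOST [PORT]: connect as the answer's command does (adding SNI)
# and print the leaf certificate in PEM form. stdin is closed so s_client
# exits once the handshake is done.
fetch_leaf() {
    host=$1
    port=${2:-443}
    openssl s_client -connect "$host:$port" -servername "$host" \
        </dev/null 2>/dev/null | leaf_pem
}

# same_cert EXPECTED_FP: read a PEM certificate on stdin; succeed only if its
# SHA-256 fingerprint equals EXPECTED_FP (hex case is ignored). Empty or
# unparsable input fails closed.
same_cert() {
    expected=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    actual=$(cert_fingerprint 2>/dev/null)
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Usage (needs network access; www.website.com is the answer's placeholder):
#   fetch_leaf www.website.com | openssl x509 -noout -subject -issuer -dates
#   fetch_leaf www.website.com | same_cert "<fingerprint from the browser>" \
#       || echo "browser and direct connection see different certificates"
```
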