WebClient - Pull SSL Cert Information

[David]

Using the NetWebClient, is there a way to get the SSL Certificate information from a site?  Specifically the Issued To, Issued By, and Valid from.

I would like to fetch the index page from a site and check it's SSL cert information.

[Bruce]

Hi David,

The short answer is that it doesn't expose this to you at this time.

How badly do you want it? From my first check it will require a fairly considerably effort to get this information out the OpenSSL layer and expose it through the DLL layer to the Object layer. Given the niche status of this request, that would likely require some loot to move it up the priority list.

Cheers
Bruce

[David]

Bruce, I would think with the recent Heartbleed issue that everyone would want to check the SSL Cert date to ensure it's been reissued. :-)

I would much rather the Client Web Services get your attention than this.

I thought that I might have this figured out myself by using the following property but I guess not.

NetSimple.SSLGetIssuerField()

[Bruce]

Hi David,

As I understand it re-issued certificates have the same dates as the certificate it is replacing. So testing the certificate dates doesn't tell you if the certificate has been updated or not.

Plus, of course, not everyone was affected by the bug, so many sites wouldn't need to update anyway. For example NetTalk 4,5 and 6 sites were unaffected because they didn't use the OpenSSL DLL with the bug.

So in short, it's not really possible to tell if a site was affected, and if they've done all the steps that were necessary to them to resolve it.

cheers
Bruce

[Bruce]

>> NetSimple.SSLGetIssuerField()

I'll check up on this and see if it's working, and if it could be extended to get the dates...

cheers
Bruce

[Bruce]

Hi David,

>> So in short, it's not really possible to tell if a site was affected, and if they've done all the steps that were necessary to them to resolve it.

the above remains true, which may make the rest of this post meaningless;

>> Using the NetWebClient, is there a way to get the SSL Certificate information from a site?

further investigation showed that these properties of the certificate were indeed exposed. They are in the following properties;
self.SSLCertificateOptions.RemoteCertificateVersion
self.SSLCertificateOptions.RemoteCertificateSubject
self.SSLCertificateOptions.RemoteCertificateIssuer
self.SSLCertificateOptions.RemoteCertificateNotBeforeDate
self.SSLCertificateOptions.RemoteCertificateNotBeforeTime
self.SSLCertificateOptions.RemoteCertificateNotAfterDate
self.SSLCertificateOptions.RemoteCertificateNotAfterTime

I have updated the NetDemo app (in 8.12) to display these properties on the WebClient procedure, "Certificate" tab.

Cheers
Bruce