Re: probing SSL websites
On 1/17/2013 8:09 AM, Roedy Green wrote:
Is there an easy way to find out the certificate details of the SSL
cert a site is using, in particular what root certs you need for it to
be recognised?
The following may reveal somnething:
import java.io.IOException;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
public class CertSniff {
public static void dump(String urlstr) throws NoSuchAlgorithmException,
KeyManagementException, IOException {
System.out.println("URL=" + urlstr);
URL url = new URL(urlstr);
HttpsURLConnection con = (HttpsURLConnection) url.openConnection();
if (con.getResponseCode() == HttpsURLConnection.HTTP_OK) {
for(Certificate cert : con.getServerCertificates()) {
if(cert instanceof X509Certificate) {
X509Certificate cert509 = (X509Certificate)cert;
System.out.println("Subject = " + cert509.getSubjectDN());
System.out.println("Issuer = " + cert509.getIssuerDN());
} else {
System.out.println("Unknown certificate");
}
}
} else {
System.out.println("Connection problem");
}
con.disconnect();
}
public static void main(String[] args) throws Exception {
dump("https://www.google.com/");
dump("https://www.facebook.com/");
dump("https://www.microsoft.com/");
}
}
Arne