获取ssl证书信息 - .net

时间:2013-03-11 09:43:24

标签: c# ssl-certificate

我希望从任何给定的域名SSL证书中获取数据。例如,我想放入任何网站地址,例如“http://stackoverflow.com”我的代码首先会检查是否存在SSL证书。如果确实如此,我希望它能够取出证书的失效日期。 [我正在阅读DB中的域名]示例:http://www.digicert.com/help/

我需要创建一个Web服务来检查到期日期。我怎么能实现它? - 我查了很多不同的东西,比如RequestCertificateValidationCallback和ClientCertificates等。由于我是新手,我不知道该做些什么。

我可能完全错了(因此我需要帮助)但是我会创建一个HTTPWebRequest然后以某种方式请求客户端证书和特定元素吗?

我尝试了提供@SSL证书预取.NET的示例,但我得到了forbitten 403错误。

非常感谢任何帮助 - 谢谢。

这是我写的代码,它抛出403禁止错误。

        Uri u = new Uri("http://services.efi.com/");
        ServicePoint sp = ServicePointManager.FindServicePoint(u);

        string groupName = Guid.NewGuid().ToString();
        HttpWebRequest req = HttpWebRequest.Create(u) as HttpWebRequest;
        req.Accept = "*/*";
        req.ConnectionGroupName = groupName;

        using (WebResponse resp = req.GetResponse())
        {
            // Ignore response, and close the response.
        }
        sp.CloseConnectionGroup(groupName);

        // Implement favourite null check pattern here on sp.Certificate
        string expiryDate = sp.Certificate.GetExpirationDateString();

        string str = expiryDate;

3 个答案:

答案 0 :(得分:6)

这很好用:

namespace ConsoleApplication1
{
  using System;
  using System.Net;
  using System.Net.Security;
  using System.Security.Cryptography.X509Certificates;

  class Program
  {
    static void Main()
    {
      ServicePointManager.ServerCertificateValidationCallback += ServerCertificateValidationCallback;

      var request = WebRequest.Create("https://www.google.com");

      var response = request.GetResponse();

      Console.WriteLine("Done.");
      Console.ReadLine();

    }

    private static bool ServerCertificateValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
      Console.WriteLine("Certificate expires on " + certificate.GetExpirationDateString());

      return true;
    }
  }
}

答案 1 :(得分:1)

您将获得“403禁止”状态,因为这是您访问该页面时服务器返回的内容。当我使用IE浏览到那个Uri时,我看到同样的事情。此状态表示您无权访问Url,因此您可能应该在您有权访问的页面上尝试使用代码。

此外,您不太可能在http连接上看到证书 - 您可能想要尝试https

答案 2 :(得分:1)

如果您需要下载证书:

            //Do webrequest to get info on secure site
        var certName = "FileName";
        var url = "https://mail.google.com";
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
        HttpWebResponse response = (HttpWebResponse)request.GetResponse();
        response.Close();

        //retrieve the ssl cert and assign it to an X509Certificate object
        X509Certificate cert = request.ServicePoint.Certificate;

        //convert the X509Certificate to an X509Certificate2 object by passing it into the constructor
        X509Certificate2 cert2 = new X509Certificate2(cert);

        string cn = cert2.GetIssuerName();
        string cedate = cert2.GetExpirationDateString();
        string cpub = cert2.GetPublicKeyString();

        var path = Directory.GetCurrentDirectory() + string.Concat("\\", certName, ".der");
        byte[] certData = cert2.Export(X509ContentType.Cert);
        File.WriteAllBytes(path, certData);

        Console.WriteLine("cert2.GetIssuerName :{0}", cert2.GetIssuerName());
        Console.WriteLine("cert2.GetExpirationDateString :{0}", cert2.GetExpirationDateString());
        Console.WriteLine("cert2.GetPublicKeyString :{0}", cert2.GetPublicKeyString());

.cs示例文件:https://gist.github.com/thedom85/6db200104c075310527aaef63b172253

我也推荐这个网站:https://www.simple-talk.com/dotnet/.net-framework/tlsssl-and-.net-framework-4.0/

相关问题
最新问题