How to Get Ssl Certificate Details Using JavaScript

Is there a way to get SSL certificate details using JavaScript?

This information simply isn't exposed to javascript, it is so rarely used (well never since it isn't available, but it would be rarely used) that it wasn't deemed important enough to add to the javascript object model I suppose...same for any very rarely used feature left out of anything.

Of course, it could have also been left out for security reasons...I'm not creative enough to come up with one at the moment, but I'm sure there's an exploit to be had there as well.

How can I get the SSL certificate for a given URL using javascript?

From the looks of things this is not possible. The Forge library needs to create a socket for the TLS connection. And while chrome's Javascript API lets webapps create sockets, it does not let extensions do the same.

Within a web browser, is it possible for JavaScript to obtain information about the HTTPS Certificate being used for the current page?

You can use the opensource Forge project to do this. It implements SSL/TLS in JavaScript. You can make an ajax call to the server and use a callback to inspect the certificate. Keep in mind that the server is the one sending the JavaScript so this shouldn't be used to determine whether or not you trust the server the JavaScript is from. The Forge project does allow cross-domain requests, so if you are using this for trust, you can load the Forge JavaScript from a server you already trust and then contact the server you don't yet trust. However, unless that other server provides a cross-domain policy, you will not be able to perform the cross-domain request.

https://github.com/digitalbazaar/forge/blob/master/README.md

The blog links in the README provide more information on how Forge can be used and how it works.

Extract details of SSL certificates using JavaScript/OpenSSL

The Page Info dialog in Firefox already displays certificate information so it is a good idea to look at how it is implemented. To sum up:

• The <browser> or <tabbrowser> element (gBrowser in a Firefox window) has a property securityUI.
• The value of this property implements nsISSLStatusProvider interface which allows you to get to nsISSLStatus.
• From there you can get to nsIX509Cert which has all the necessary information.

Code example:

var status = gBrowser.securityUI
                     .QueryInterface(Components.interfaces.nsISSLStatusProvider)
                     .SSLStatus;
if (status && !status.isUntrusted)
{
  // This shows: OU=Equifax Secure Certificate Authority,O=Equifax,C=US
  alert(status.serverCert.issuerName);

  // This shows: Equifax Secure Certificate Authority
  alert(status.serverCert.issuerOrganizationUnit);
}

Note that the interface doesn't provide a way to extract issuer's country, you will have to parse status.serverCert.issuerName value yourself. Also, you only get the information on the immediate issuer this way, not the root CA. To get to the root CA you should use status.serverCert.issuer property and walk up the chain.

How can I get the SSL Certificate info for the *current* page in a Firefox Add On

The way you query the channel to get its security info seems sane. I suspect that your problem is actually timing - you query it at the wrong time. Tracing all requests is really the wrong approach if security info is all you are interested in. It makes far more sense to register a progress listener (there are examples) and to look at the channel whenever onSecurityChange is being called. You are likely to be only interested in requests where aState contains STATE_IS_SECURE flag. Note that aRequest parameter is usually an nsIChannel instance but could also be a plain nsIRequest - instanceof check is required.

Check in JavaScript if an SSL Certificate is valid

The question doesn't make sense. You can't get the server's SSL certificate without opening an SSL connection to it, and once you've done that, telling the user they can do that too is a bit pointless.

Reading the certifcate information of a web page

I found this link very helpful:
https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/How_to_check_the_secruity_state_of_an_XMLHTTPRequest_over_SSL

How to fetch details of website SSL certificate expiry, issuer etc using selenium python?

It is probably impossible to get these information using selenium since it is impossible to get these information from inside the browser using Javascript. One can try to access the website though directly using some Python code:

import ssl
 
conn = ssl.create_connection(('google.com',443))
ctx = ssl.create_default_context() 
conn = ctx.wrap_socket(conn, server_hostname = 'google.com')
print(conn.getpeercert())

The dictionary returned by getpeercert has all the necessary information about issuer and validity inside.

Note though that direct access by Python and by the browser (and thus by selenium) behave slightly differently because a different TLS stack and/or different settings regarding ciphers, supported TLS versions etc are used. In some cases this will lead to TLS handshake problems with the Python code which don't happen with the browser.

There are also cases where the certificates in the server are improperly setup and chain certificates are missing. Browser will often successfully work around this, Python not. In this case the code above will fail too and one might need to use more complex code, see Python getting common name from URL using ssl.getpeercert().

---

Related Topics