probing SSL websites

[Roedy Green]

Is there an easy way to find out the certificate details of the SSL
cert a site is using, in particular what root certs you need for it to
be recognised?

When do a probe an SSL website in Java, and you don't have the
necessary root, what is supposed to happen? It seems to act as if the
site just did not respond.
--
Roedy Green Canadian Mind Products http://mindprod.com
The first 90% of the code accounts for the first 90% of the development time.
The remaining 10% of the code accounts for the other 90% of the development
time.
~ Tom Cargill Ninety-ninety Law

 

[Arne Vajhøj]

Is there an easy way to find out the certificate details of the SSL
cert a site is using, in particular what root certs you need for it to
be recognised?

The following may reveal somnething:

import java.io.IOException;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

import javax.net.ssl.HttpsURLConnection;


public class CertSniff {
public static void dump(String urlstr) throws NoSuchAlgorithmException,
KeyManagementException, IOException {
System.out.println("URL=" + urlstr);
URL url = new URL(urlstr);
HttpsURLConnection con = (HttpsURLConnection) url.openConnection();
if (con.getResponseCode() == HttpsURLConnection.HTTP_OK) {
for(Certificate cert : con.getServerCertificates()) {
if(cert instanceof X509Certificate) {
X509Certificate cert509 = (X509Certificate)cert;
System.out.println("Subject = " + cert509.getSubjectDN());
System.out.println("Issuer = " + cert509.getIssuerDN());
} else {
System.out.println("Unknown certificate");
}
}
} else {
System.out.println("Connection problem");
}
con.disconnect();

}
public static void main(String[] args) throws Exception {
dump("https://www.google.com/");
dump("https://www.facebook.com/");
dump("https://www.microsoft.com/");
}
}

Arne