SSL 证书预取 .NET
我正在编写一个实用程序,可以让我监控我们网站的运行状况。这由一系列我可以针对 Web 应用程序运行的验证任务组成。其中一项测试是预测特定 SSL 证书的过期情况。
我正在寻找一种使用 .NET 或 WINAPI 预获取安装在网站上的 SSL 证书的方法,以便我可以验证与特定网站关联的证书的到期日期。
我可以做到这一点的一种方法是在 ServicePointManager.ServerCertificateValidationCallback 处理程序中验证证书时缓存证书,然后将它们与配置的网站进行匹配,但这似乎有点黑客。另一种方法是使用网站的证书配置应用程序,但如果可以的话,我宁愿避免这种情况,以便最大限度地减少配置。
对我来说,使用 .NET 下载与网站关联的 SSL 证书以便我可以检查证书包含的信息来验证它,最简单的方法是什么?
编辑:
扩展下面的答案无需在创建请求之前手动创建 ServicePoint。它是在请求对象上生成的,作为执行请求的一部分。
private static string GetSSLExpiration(string url)
{
HttpWebRequest request = WebRequest.Create(url) as HttpWebRequest;
using (WebResponse response = request.GetResponse()) { }
if (request.ServicePoint.Certificate != null)
{
return request.ServicePoint.Certificate.GetExpirationDateString();
}
else
{
return string.Empty;
}
}
I am writing a utility that would allow me to monitor the health of our websites. This consists of a series of validation tasks that I can run against a web application. One of the tests is to anticipate the expiration of a particular SSL certificate.
I am looking for a way to pre-fetch the SSL certificate installed on a web site using .NET or a WINAPI so that I can validate the expiration date of the certificate associated with a particular website.
One way I could do this is to cache the certificates when they are validated in the ServicePointManager.ServerCertificateValidationCallback handler and then match them up with configured web sites, but this seems a bit hackish. Another would be to configure the application with the certificate for the website, but I'd rather avoid this if I can in order to minimize configuration.
What would be the easiest way for me to download an SSL certificate associated with a website using .NET so that I can inspect the information the certificate contains to validate it?
EDIT:
To extend on the answer below there is no need to manually create the ServicePoint prior to creating the request. It is generated on the request object as part of executing the request.
private static string GetSSLExpiration(string url)
{
HttpWebRequest request = WebRequest.Create(url) as HttpWebRequest;
using (WebResponse response = request.GetResponse()) { }
if (request.ServicePoint.Certificate != null)
{
return request.ServicePoint.Certificate.GetExpirationDateString();
}
else
{
return string.Empty;
}
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我刚刚尝试过这个,它“在我的机器上运行(tm)”。
它返回表示服务器证书上的到期日期的文本字符串,并且需要在网站上进行实际点击。
恐怕我不知道使用 ServicePoint 的所有正确和错误,以及您可能需要跳过的任何其他障碍,但您确实会获得您想了解的实际网站的 SSL 到期日期。
编辑:
确保“url”参数使用 https:// 协议。
例如 string contosoExpiry = GetSSLExpiryData("https://www.contoso.com/");
I've just tried this, which "works on my machine (tm)".
It returns the text string representing the expiry date on the server's certificate, and requires an actual hit to be made on the web site.
I'm afraid I don't know all the rights and wrongs of using ServicePoint, and any other hoops that you might need to jump through, but you do get an SSL expiry date for the actual web site you want to know about.
EDIT:
ensure the "url" parameter use the https:// protocol.
e.g. string contosoExpiry = GetSSLExpiryData("https://www.contoso.com/");