You are viewing a plain text version of this content. The canonical link for it is here.

Posted to httpclient-users@hc.apache.org by Jason Blumenkrantz <ja...@onlinebankingsolutions.com> on 2006/10/13 00:11:49 UTC

Downloading SSL certificate for a site

I'm trying to use HttpClient (version 3.0.1) to present my end users 
with the SSL certificate for a particular website for visual inspection. 
I'm plugging in the EasySSLProtocolSocketFactory and 
EasyX509TrustManager in order to connect to sites using self-signed 
certificates, but I haven't had any luck figuring out how to get the 
certificate chain for a particular URL after executing a GetMethod on 
that URL. Using the JSSE HttpsURLConnection I can call 
getServerCertificates() to return the certificate chain for a site, what 
would be the equivalent for HttpClient?

Thanks in advance,
Jason Blumenkrantz
jason.blumenkrantz@onlinebankingsolutions.com


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-user-help@jakarta.apache.org

Re: Downloading SSL certificate for a site

Posted by Julius Davies <ju...@gmail.com>.

Just try creating a new SSLSocket() and connecting directly to the port.
Then use SSLSocket.getSession().getPeerCertificates().

So if I wanted the certificate chain from "https://gmail.com", I would do:

SSLSocket s = new SSLSocket( "gmail.com", 443 );
Certificate[] certs = s.getSession().getPeerCertificates();

If you want to deal with self-signed certs, and other challenging SSL
situations, take a look at using other SSLSocketFactories (or writing your
own).  Here are some:

http://juliusdavies.ca/commons-ssl/

But you have a point.  It would be nice to extract that stuff directly from
httpclient classes.

yours,

Julius



On 10/12/06, Jason Blumenkrantz <
jason.blumenkrantz@onlinebankingsolutions.com> wrote:
>
> I'm trying to use HttpClient (version 3.0.1) to present my end users
> with the SSL certificate for a particular website for visual inspection.
> I'm plugging in the EasySSLProtocolSocketFactory and
> EasyX509TrustManager in order to connect to sites using self-signed
> certificates, but I haven't had any luck figuring out how to get the
> certificate chain for a particular URL after executing a GetMethod on
> that URL. Using the JSSE HttpsURLConnection I can call
> getServerCertificates() to return the certificate chain for a site, what
> would be the equivalent for HttpClient?
>
> Thanks in advance,
> Jason Blumenkrantz
> jason.blumenkrantz@onlinebankingsolutions.com
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: httpclient-user-help@jakarta.apache.org
>
>