How do I decode/parse a X509 SSL Cert

[marc spitzer]

Hi,

Did a bit of googleing on this and did not have much luck.
I would like to connect to a ssl webserver and download the
cert. Then I would like to decode the cert and pares out some
fields of interest, host name and expire date, and make it a
report that gets mailed out weekly.

My question is what would be the best way to get and decode the
cert? Decode could be selective, I ask for the bits I want or a
dump of the cert lile 'openssl x509 -noout -text -in file.crt'

thanks,

marc

 

[yermej]

Hi,

Did a bit of googleing on this and did not have much luck.
I would like to connect to a ssl webserver and download the
cert.  Then I would like to decode the cert and pares out some
fields of interest, host name and expire date, and make it a
report that gets mailed out weekly.  

My question is what would be the best way to get and decode the
cert?

require 'openssl'

cert = OpenSSL::X509::Certificate.new(File.read(cert_file_name))
cert.subject
cert.not_after

 

[yermej]

Hi,

Did a bit of googleing on this and did not have much luck.
I would like to connect to a ssl webserver and download the
cert.  Then I would like to decode the cert and pares out some
fields of interest, host name and expire date, and make it a
report that gets mailed out weekly.  

My question is what would be the best way to get and decode the
cert?

Sorry, I forgot to answer the first part of the question. And I was
less sure of that anyway. This should do it though:

require 'net/https'

host = 'www.example.com'
port = 443
path = '/'

http = Net::HTTP.new(host, port)
http.use_ssl = true

http.start(path) do |conn|
cert = OpenSSL::X509::Certificate.new conn.peer_cert
cert.not_after
cert.subject
end

There are some useful files in the Ruby tarball in sample/openssl if
you'll be using Ruby OpenSSL very much.