Tuesday, 24 May 2016

How do I validate a web server's certificate in C#?

I have an interesting problem. Our team manages a large number of Load Balancers and Web servers in AWS. The certificate management blows chunks, so I am trying to add a module to the trycorder that will hit every SSL-protected endpoint and check the certificate expiration date, as well as any other certificate details that may be useful. Found an example based on the following, but it fails with an error about being unable to establish trust. I don't care about trust, I just need to check out the certificate being used.

    using System;
    using System.Collections.Generic;
    using System.Net;
    using System.Security.Cryptography.X509Certificates;

    public Dictionary<string, string> GetCertData(string urltocheck)
    {
        Dictionary<string, string> ToReturn = new Dictionary<string, string>();
        try
        {
            // Do a web request to get info on the secure site.
            // GetResponse() throws if certificate validation fails (e.g. a name mismatch).
            HttpWebRequest request = (HttpWebRequest)WebRequest.Create(urltocheck);
            HttpWebResponse response = (HttpWebResponse)request.GetResponse();
            response.Close();
            // Retrieve the SSL cert and assign it to an X509Certificate object
            X509Certificate cert = request.ServicePoint.Certificate;

            // Convert the X509Certificate to an X509Certificate2 object by passing it into the constructor
            X509Certificate2 cert2 = new X509Certificate2(cert);

            string cn = cert2.Issuer;
            string cedate = cert2.GetExpirationDateString();
            string cpub = cert2.GetPublicKeyString();

            // Hand the collected fields back to the caller
            ToReturn.Add("Issuer", cn);
            ToReturn.Add("Expiration", cedate);
            ToReturn.Add("PublicKey", cpub);
        }
        catch (Exception ex)
        {
            ToReturn.Add("Failed", ex.Message);
            return ToReturn;
        }
        return ToReturn;
    }

The problem is that the AWS LoadBalancer DNS name is not on the certificate and my tool pulls the endpoint from there, and does not necessarily know the DNS name used by the client. We have another DNS name alias for the endpoint which IS on the certificate. I need to be able to make a query to the URL, and load the certificate information the site is using, even if I cannot access it.

Help?
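One way to read the certificate for inventory purposes without enforcing trust, as an added example that is not part of the original post: open the TLS handshake directly with `SslStream`, record the certificate and the policy errors in the validation callback, and send no application data. The class name `CertInspector`, the method `Inspect` and its parameter names are hypothetical; the caller supplies the load balancer DNS name and, if known, the alias to present in the handshake.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;

public static class CertInspector   // hypothetical name, added example
{
    // connectHost: name the TCP connection is opened to (e.g. the load balancer DNS name).
    // tlsName: name presented in the TLS handshake (e.g. the alias that is on the certificate).
    public static Dictionary<string, string> Inspect(string connectHost, string tlsName, int port = 443)
    {
        var info = new Dictionary<string, string>();
        X509Certificate2 captured = null;
        SslPolicyErrors errors = SslPolicyErrors.None;

        using (var tcp = new TcpClient(connectHost, port))
        using (var ssl = new SslStream(tcp.GetStream(), false,
            (sender, cert, chain, policyErrors) =>
            {
                // Record instead of enforce. Accepting every certificate is only
                // acceptable here because nothing is sent over this stream;
                // never reuse this callback on a connection that carries data.
                if (cert != null) captured = new X509Certificate2(cert);
                errors = policyErrors;
                return true;
            }))
        {
            ssl.AuthenticateAsClient(tlsName);   // handshake only, then dispose
        }

        if (captured == null)
        {
            info["Failed"] = "No certificate presented";
            return info;
        }

        DateTime notAfterUtc = captured.NotAfter.ToUniversalTime();
        info["Subject"] = captured.Subject;
        info["Issuer"] = captured.Issuer;
        info["NotAfterUtc"] = notAfterUtc.ToString("u");
        info["DaysLeft"] = ((int)(notAfterUtc - DateTime.UtcNow).TotalDays).ToString();
        info["Thumbprint"] = captured.Thumbprint;
        // e.g. RemoteCertificateNameMismatch when tlsName is not on the certificate
        info["PolicyErrors"] = errors.ToString();
        return info;
    }
}
```

Keeping `PolicyErrors` in the result lets the monitoring report flag name mismatches and broken chains alongside the expiry date instead of hiding them.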



