6

我必须在 c# 中开发一个应用程序来获取 SSL 证书信息,如到期日期、颁发者等基于我提供的 DNS(比如 *.google.com),以便如果到期日期临近,我可以主动处理它。如果我将 DNS 提供为 *.google.com,那么我需要获取该域的 SSL 证书信息的详细信息。

我尝试遵循http://awesomeideas.net/page/Cert-Expiry-Check.aspx,但我觉得它适用于存储在本地系统中的证书。我也尝试使用 HttpWebRequest 来获取 SSL 证书的详细信息,但它要求我输入一个有效的 URI,在我的情况下这是不可用的。我只有 DNS 名称

下面是我用来使用 HttpWebRequest 获取信息的代码。但它要求我输入 https://*.domain.com 类型的有效 URI

Uri uri = new Uri(DNSEntry); 
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(uri); 
request.Method = WebRequestMethods.Http.Get; 
HttpWebResponse response = (HttpWebResponse)request.GetResponse(); 
X509Certificate cert1 = request.ServicePoint.Certificate; 
X509Certificate2 cert = new X509Certificate2(cert1); 
DateTime dtCertExpiry = Convert.ToDateTime(cert.NotAfter.ToString());
4

1 回答 1

10

我尝试使用以下它工作正常:

string strDNSEntry 是您需要 SSL 的 DNS

public X509Certificate2 DownloadSslCertificate(string strDNSEntry)
{

    X509Certificate2 cert = null;
    using (TcpClient client = new TcpClient())
    {
        //ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3;           
        client.Connect(strDNSEntry, 443);

        SslStream ssl = new SslStream(client.GetStream(), false, new RemoteCertificateValidationCallback(ValidateServerCertificate), null);
        try
        {
            ssl.AuthenticateAsClient(strDNSEntry);
        }
        catch (AuthenticationException e)
        {
            log.Debug(e.Message);
            ssl.Close();
            client.Close();
            return cert;
        }
        catch (Exception e)
        {
            log.Debug(e.Message);
            ssl.Close();
            client.Close();
            return cert;
        }
        cert = new X509Certificate2(ssl.RemoteCertificate);
        ssl.Close();
        client.Close();
        return cert;
    }
}


public static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
    if (sslPolicyErrors == SslPolicyErrors.None)
        return true;

    Console.WriteLine("Certificate error: {0}", sslPolicyErrors);

    // Do not allow this client to communicate with unauthenticated servers. 
    return false;
}
于 2013-04-02T07:35:43.390 回答