Nmap Development mailing list archives
Re: SSL Certificate experation date and encryption level
From: David Fifield <david () bamsoftware com>
Date: Mon, 22 Jun 2009 19:30:44 -0600
On Mon, Jun 22, 2009 at 11:10:14AM -0400, Tony Cap wrote:
I have a request to check SSL Certificate dates and Encrytion levels. Can I use nmap to do this?
This has been proposed as an NSE script but it doesn't exist yet. I thought you could do this with the openssl s_client subcommand, like openssl s_client -connect host:port but that doesn't print out the expiration date in plain text. You would have to copy the base64-encoded certificate and paste it into a command like openssl x509 -text -noout For anyone interested in writing a certificate retrieval script, I think it would involve extending the nse_openssl.cc library to enable getting a certificate from a connected socket, and then providing functions to extract parts of it. There are some examples of doing this in ncat/ncat_ssl.c. SSL_get_peer_certificate is the function to get the certificate. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- SSL Certificate experation date and encryption level Tony Cap (Jun 22)
- Re: SSL Certificate experation date and encryption level David Fifield (Jun 22)
- Re: SSL Certificate experation date and encryption level Tony Cap (Jun 24)
- Re: SSL Certificate experation date and encryption level David Fifield (Jun 22)