Nmap Development mailing list archives

Re: SSL Certificate experation date and encryption level

From: "Tony Cap" <tonycap26 () gmail com>
Date: Wed, 24 Jun 2009 10:32:00 -0400

Thanks for the info. I did find the following that may help so I thoughtI'd pas it along.


By Sebastiaan Mangoentinojo

http://www.littlebighuman.com/?p=136

----- Original Message -----From: "David Fifield" <david () bamsoftware com>

To: "Tony Cap" <tonycap26 () gmail com>
Cc: <nmap-dev () insecure org>
Sent: Monday, June 22, 2009 9:30 PM
Subject: Re: SSL Certificate experation date and encryption level

On Mon, Jun 22, 2009 at 11:10:14AM -0400, Tony Cap wrote:

I have a request to check SSL Certificate dates and Encrytion levels.

Can I use nmap to do this?


This has been proposed as an NSE script but it doesn't exist yet.

I thought you could do this with the openssl s_client subcommand, like
openssl s_client -connect host:port
but that doesn't print out the expiration date in plain text. You would
have to copy the base64-encoded certificate and paste it into a command
like
openssl x509 -text -noout

For anyone interested in writing a certificate retrieval script, I think
it would involve extending the nse_openssl.cc library to enable getting
a certificate from a connected socket, and then providing functions to
extract parts of it. There are some examples of doing this in
ncat/ncat_ssl.c. SSL_get_peer_certificate is the function to get the
certificate.

David Fifield



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

SSL Certificate experation date and encryption level Tony Cap (Jun 22)
- Re: SSL Certificate experation date and encryption level David Fifield (Jun 22)
  - Re: SSL Certificate experation date and encryption level Tony Cap (Jun 24)