如何使用 PowerShell 从网站下载 SSL 证书? [英] How to download the SSL certificate from a website using PowerShell?

问题描述

我想使用 PowerShell 从 https://www.outlook.com 下载 SSL 证书.是否可以?有人可以帮我吗?

I want to download the SSL certificate from, say https://www.outlook.com, using PowerShell. Is it possible? Could someone help me?

推荐答案

您应该能够通过使用 HttpWebRequest 对象上的 ServicePoint 属性来获取公钥.一旦我们向相关站点发出 http 请求，就会填充这些必要信息.

You should be able to get the public key by using the ServicePoint property on the HttpWebRequest object. This necessary information will be populated once we have made a http request to the site in question.

如果向具有不受信任证书的站点发出请求，则 GetResponse 方法将抛出异常，但是，ServicePoint 仍将包含 Certificate，因此我们希望以确保我们在状态为信任失败时忽略 WebException.

If the request is made to a site which has an untrusted certificate the GetResponse method will throw an exception, However, the ServicePoint will still contain the Certificate so we want to ensure we ignore WebException if the status is a trust failure.

所以类似下面的内容应该可以工作:

So something like the following should work:

function Get-PublicKey
{
    [OutputType([byte[]])]
    PARAM (
        [Uri]$Uri
    )

    if (-Not ($uri.Scheme -eq "https"))
    {
        Write-Error "You can only get keys for https addresses"
        return
    }

    $request = [System.Net.HttpWebRequest]::Create($uri)

    try
    {
        #Make the request but ignore (dispose it) the response, since we only care about the service point
        $request.GetResponse().Dispose()
    }
    catch [System.Net.WebException]
    {
        if ($_.Exception.Status -eq [System.Net.WebExceptionStatus]::TrustFailure)
        {
            #We ignore trust failures, since we only want the certificate, and the service point is still populated at this point
        }
        else
        {
            #Let other exceptions bubble up, or write-error the exception and return from this method
            throw
        }
    }

    #The ServicePoint object should now contain the Certificate for the site.
    $servicePoint = $request.ServicePoint
    $key = $servicePoint.Certificate.GetPublicKey()
    Write-Output $key
}

Get-PublicKey -Uri "https://www.bing.com"
Get-PublicKey -Uri "https://www.facebook.com"

如果您想多次调用该方法并且某些方法可能具有相同的地址，您可能需要使用ServicePointManager.FindServicePoint(System.Uri) 方法，因为如果有请求，它将返回缓存版本已经到那个网站了.因此，您可以检查服务点是否已填充信息.如果没有，请发出 Web 请求.如果有，就使用已经存在的信息，为自己保存一个 http 请求.

If you want to call the method many times and some might have the same address, you might want to improve the function by using the ServicePointManager.FindServicePoint(System.Uri) method, since it will return a cached version if a request has already been made to that site. So you could check if the service point has been populated with information. If it hasn't, make the web request. If it has, just use the already existing information, saving yourself an http request.

这篇关于如何使用 PowerShell 从网站下载 SSL 证书?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！