SSL证书预取.NET [英] SSL certificate pre-fetch .NET
问题描述
我写一个程序,让我来监督我们网站的健康。这包括一系列的,我可以对一个Web应用程序运行验证任务。其中一个测试的是预测一个特定的SSL证书过期。
我要寻找一种方式来预取安装在使用网站的SSL证书。网或WINAPI这样我可以验证与特定网站相关联的证书的有效期限。
我能做到这一点的方法之一是缓存证书时,他们在ServicePointManager.ServerCertificateValidationCallback处理程序进行验证,然后配合他们与配置的Web站点,但是这似乎是一个有点hackish。另一种是配置与证书的网站应用程序,但如果我能以最小化的配置我宁愿避免这种情况。
会是什么是最简单的办法,我下载使用.NET网站相关的SSL证书,这样我可以检查证书包含要验证的信息呢?
编辑:
要对答案下面延伸,没有必要手动创建之前创建要求的ServicePoint。据请求对象执行请求的一部分生成的。
私有静态字符串GetSSLExpiration(字符串URL)
{
HttpWebRequest的要求= WebRequest.Create(URL)为HttpWebRequest的;
使用(WebResponse的响应= request.GetResponse()){}
如果(request.ServicePoint.Certificate!= NULL)
{
返回request.ServicePoint.Certificate.GetExpirationDateString( );
}
,否则
{
返回的String.Empty;
}
}
我刚刚打开试过,其中工程在我的机器(TM)的。
它返回一个代表对服务器证书的到期日期的文本字符串,并且需要一个实际的命中将在网站上进行。
私人字符串GetSSLExpiryDate(字符串URL)
{
乌里U =新的URI(URL);
的ServicePoint SP = ServicePointManager.FindServicePoint(U);
串组名= Guid.NewGuid()的ToString();
HttpWebRequest的REQ = HttpWebRequest.Create(U)为HttpWebRequest的;
req.ConnectionGroupName =组名;
使用(WebResponse类RESP = req.GetResponse())
{
//忽略响应,并关闭响应。
}
sp.CloseConnectionGroup(组名);
//这里实现零最爱检查图案上sp.Certificate
串expiryDate = sp.Certificate.GetExpirationDateString();
返回expiryDate;
}
我怕我不知道使用的所有权利与错。的ServicePoint,那你可能需要通过跳跃,但你得到你想要了解的实际网站的SSL到期日期的任何其他箍
编辑:
确保URL参数,使用https://协议
如字符串contosoExpiry = GetSSLExpiryData(https://www.contoso.com/);
I am writing a utility that would allow me to monitor the health of our websites. This consists of a series of validation tasks that I can run against a web application. One of the tests is to anticipate the expiration of a particular SSL certificate.
I am looking for a way to pre-fetch the SSL certificate installed on a web site using .NET or a WINAPI so that I can validate the expiration date of the certificate associated with a particular website.
One way I could do this is to cache the certificates when they are validated in the ServicePointManager.ServerCertificateValidationCallback handler and then match them up with configured web sites, but this seems a bit hackish. Another would be to configure the application with the certificate for the website, but I'd rather avoid this if I can in order to minimize configuration.
What would be the easiest way for me to download an SSL certificate associated with a website using .NET so that I can inspect the information the certificate contains to validate it?
EDIT:
To extend on the answer below there is no need to manually create the ServicePoint prior to creating the request. It is generated on the request object as part of executing the request.
private static string GetSSLExpiration(string url)
{
HttpWebRequest request = WebRequest.Create(url) as HttpWebRequest;
using (WebResponse response = request.GetResponse()) { }
if (request.ServicePoint.Certificate != null)
{
return request.ServicePoint.Certificate.GetExpirationDateString();
}
else
{
return string.Empty;
}
}
I've just tried this, which "works on my machine (tm)".
It returns the text string representing the expiry date on the server's certificate, and requires an actual hit to be made on the web site.
private string GetSSLExpiryDate(string url)
{
Uri u = new Uri(url);
ServicePoint sp = ServicePointManager.FindServicePoint(u);
string groupName = Guid.NewGuid().ToString();
HttpWebRequest req = HttpWebRequest.Create(u) as HttpWebRequest;
req.ConnectionGroupName = groupName;
using (WebResponse resp = req.GetResponse())
{
// Ignore response, and close the response.
}
sp.CloseConnectionGroup(groupName);
// Implement favourite null check pattern here on sp.Certificate
string expiryDate = sp.Certificate.GetExpirationDateString();
return expiryDate;
}
I'm afraid I don't know all the rights and wrongs of using ServicePoint, and any other hoops that you might need to jump through, but you do get an SSL expiry date for the actual web site you want to know about.
EDIT: ensure the "url" parameter use the https:// protocol.
e.g. string contosoExpiry = GetSSLExpiryData("https://www.contoso.com/");
这篇关于SSL证书预取.NET的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
