how to retrieve SSL certificate informations?

classic Classic list List threaded Threaded
16 messages Options
Reply | Threaded
Open this post in threaded view
|

how to retrieve SSL certificate informations?

Benoit Chesneau-2
How can I get informations about an SSL certificate ? Specifically I am looking for a way to retrieve the issuer, subject, and the  serial number of the certificate.

The record I get from decoding using public_key functions is hard to parse so any help is welcome. Maybe there is already an api/app somewhere for it?

Benoît


Reply | Threaded
Open this post in threaded view
|

Re: how to retrieve SSL certificate informations?

Marc Worrell
Hi Benoît,

If the below is what you are looking for, then I can also isolate it in a separate library app for inclusion in your projects.

- Marc

On 9 Mar 2020, at 07:25, Marc Worrell <[hidden email]> wrote:

Hi Benoit,

Maybe this helps:


Cheers, Marc

Sent from my iPhone

On 9 Mar 2020, at 00:34, Benoit Chesneau <[hidden email]> wrote:


How can I get informations about an SSL certificate ? Specifically I am looking for a way to retrieve the issuer, subject, and the  serial number of the certificate.

The record I get from decoding using public_key functions is hard to parse so any help is welcome. Maybe there is already an api/app somewhere for it?

Benoît



Reply | Threaded
Open this post in threaded view
|

Re: how to retrieve SSL certificate informations?

Roger Lipscombe-2
In reply to this post by Benoit Chesneau-2
This is probably not complete (because we generate our own
certificates), but here's what we use:

-include_lib("public_key/include/public_key.hrl").

get_certificate_subject_cn(#'OTPCertificate'{tbsCertificate = OTPTBS}) ->
    get_certificate_subject_cn(OTPTBS);
get_certificate_subject_cn(#'OTPTBSCertificate'{subject = Subject}) ->
    get_cn(Subject).

get_cn({rdnSequence, Seq}) ->
    get_cn(Seq);
get_cn([]) ->
    undefined;
get_cn([[#'AttributeTypeAndValue'{type = ?'id-at-commonName',
                                  value = {utf8String, Value}}] | _]) ->
    Value;
get_cn([_|Rest]) ->
    get_cn(Rest).

get_serial_number(#'OTPCertificate'{tbsCertificate = OTPTBS}) ->
    get_serial_number(OTPTBS);
get_serial_number(#'OTPTBSCertificate'{serialNumber = SerialNumber}) ->
    SerialNumber.

On Sun, 8 Mar 2020 at 23:34, Benoit Chesneau <[hidden email]> wrote:
>
> How can I get informations about an SSL certificate ? Specifically I am looking for a way to retrieve the issuer, subject, and the  serial number of the certificate.
>
> The record I get from decoding using public_key functions is hard to parse so any help is welcome. Maybe there is already an api/app somewhere for it?
>
> Benoît
>
>
Reply | Threaded
Open this post in threaded view
|

RE: how to retrieve SSL certificate informations?

Wolf, Dave
In reply to this post by Marc Worrell

Hi Marc,

 

This is a very timely topic in a current project I’m working on at the moment.  We need to determine the expiration date of a certificate as well as generate a self-signed one, which I see this module does as well.  Could you please isolate it in a separate library so we can include it in our list of OSS components?

 

Thanks!

Dave

 

From: erlang-questions <[hidden email]> On Behalf Of Marc Worrell
Sent: Monday, March 9, 2020 3:58 AM
To: Benoit Chesneau <[hidden email]>
Cc: Erlang Questions <[hidden email]>
Subject: Re: how to retrieve SSL certificate informations?

 

Hi Benoît,

 

If the below is what you are looking for, then I can also isolate it in a separate library app for inclusion in your projects.

 

- Marc



On 9 Mar 2020, at 07:25, Marc Worrell <[hidden email]> wrote:

 

Hi Benoit,

 

Maybe this helps:

 

 

Cheers, Marc

Sent from my iPhone



On 9 Mar 2020, at 00:34, Benoit Chesneau <[hidden email]> wrote:



How can I get informations about an SSL certificate ? Specifically I am looking for a way to retrieve the issuer, subject, and the  serial number of the certificate.

 

The record I get from decoding using public_key functions is hard to parse so any help is welcome. Maybe there is already an api/app somewhere for it?

 

Benoît

 

 

 

Reply | Threaded
Open this post in threaded view
|

Re: how to retrieve SSL certificate informations?

Leonard Boyce-2
Hi Benoit,

This may be helpful for pulling basic cert info

https://gist.github.com/leonardb/a4dc25651ba3682966bafe5c7d1f575c

Leonard

On Mon, Mar 9, 2020 at 8:16 AM Wolf, Dave <[hidden email]> wrote:

>
> Hi Marc,
>
>
>
> This is a very timely topic in a current project I’m working on at the moment.  We need to determine the expiration date of a certificate as well as generate a self-signed one, which I see this module does as well.  Could you please isolate it in a separate library so we can include it in our list of OSS components?
>
>
>
> Thanks!
>
> Dave
>
>
>
> From: erlang-questions <[hidden email]> On Behalf Of Marc Worrell
> Sent: Monday, March 9, 2020 3:58 AM
> To: Benoit Chesneau <[hidden email]>
> Cc: Erlang Questions <[hidden email]>
> Subject: Re: how to retrieve SSL certificate informations?
>
>
>
> Hi Benoît,
>
>
>
> If the below is what you are looking for, then I can also isolate it in a separate library app for inclusion in your projects.
>
>
>
> - Marc
>
>
>
> On 9 Mar 2020, at 07:25, Marc Worrell <[hidden email]> wrote:
>
>
>
> Hi Benoit,
>
>
>
> Maybe this helps:
>
>
>
> https://github.com/zotonic/zotonic/blob/master/apps/zotonic_core/src/support/z_ssl_certs.erl#L313
>
>
>
> Cheers, Marc
>
> Sent from my iPhone
>
>
>
> On 9 Mar 2020, at 00:34, Benoit Chesneau <[hidden email]> wrote:
>
> 
>
> How can I get informations about an SSL certificate ? Specifically I am looking for a way to retrieve the issuer, subject, and the  serial number of the certificate.
>
>
>
> The record I get from decoding using public_key functions is hard to parse so any help is welcome. Maybe there is already an api/app somewhere for it?
>
>
>
> Benoît
>
>
>
>
>
>
Reply | Threaded
Open this post in threaded view
|

Re: how to retrieve SSL certificate informations?

Benoit Chesneau-2
I think a library that allows manipulation of certificate infos and their creation would make sense indeed.... I can see a lot of usage for it.

On Mon, Mar 9, 2020 at 1:25 PM Leonard B <[hidden email]> wrote:
Hi Benoit,

This may be helpful for pulling basic cert info

https://gist.github.com/leonardb/a4dc25651ba3682966bafe5c7d1f575c

Leonard

On Mon, Mar 9, 2020 at 8:16 AM Wolf, Dave <[hidden email]> wrote:
>
> Hi Marc,
>
>
>
> This is a very timely topic in a current project I’m working on at the moment.  We need to determine the expiration date of a certificate as well as generate a self-signed one, which I see this module does as well.  Could you please isolate it in a separate library so we can include it in our list of OSS components?
>
>
>
> Thanks!
>
> Dave
>
>
>
> From: erlang-questions <[hidden email]> On Behalf Of Marc Worrell
> Sent: Monday, March 9, 2020 3:58 AM
> To: Benoit Chesneau <[hidden email]>
> Cc: Erlang Questions <[hidden email]>
> Subject: Re: how to retrieve SSL certificate informations?
>
>
>
> Hi Benoît,
>
>
>
> If the below is what you are looking for, then I can also isolate it in a separate library app for inclusion in your projects.
>
>
>
> - Marc
>
>
>
> On 9 Mar 2020, at 07:25, Marc Worrell <[hidden email]> wrote:
>
>
>
> Hi Benoit,
>
>
>
> Maybe this helps:
>
>
>
> https://github.com/zotonic/zotonic/blob/master/apps/zotonic_core/src/support/z_ssl_certs.erl#L313
>
>
>
> Cheers, Marc
>
> Sent from my iPhone
>
>
>
> On 9 Mar 2020, at 00:34, Benoit Chesneau <[hidden email]> wrote:
>
> 
>
> How can I get informations about an SSL certificate ? Specifically I am looking for a way to retrieve the issuer, subject, and the  serial number of the certificate.
>
>
>
> The record I get from decoding using public_key functions is hard to parse so any help is welcome. Maybe there is already an api/app somewhere for it?
>
>
>
> Benoît
>
>
>
>
>
>
Reply | Threaded
Open this post in threaded view
|

Re: how to retrieve SSL certificate informations?

Marc Worrell
As there is some interest in such a library I will start with splitting off code from the Zotonic code base into a separate application.

I can do that tomorrow.

Then we can start adding extra functionality afterwards.


Cheers, Marc


On 9 Mar 2020, at 17:32, Benoit Chesneau <[hidden email]> wrote:

I think a library that allows manipulation of certificate infos and their creation would make sense indeed.... I can see a lot of usage for it.

On Mon, Mar 9, 2020 at 1:25 PM Leonard B <[hidden email]> wrote:
Hi Benoit,

This may be helpful for pulling basic cert info

https://gist.github.com/leonardb/a4dc25651ba3682966bafe5c7d1f575c

Leonard

On Mon, Mar 9, 2020 at 8:16 AM Wolf, Dave <[hidden email]> wrote:
>
> Hi Marc,
>
>
>
> This is a very timely topic in a current project I’m working on at the moment.  We need to determine the expiration date of a certificate as well as generate a self-signed one, which I see this module does as well.  Could you please isolate it in a separate library so we can include it in our list of OSS components?
>
>
>
> Thanks!
>
> Dave
>
>
>
> From: erlang-questions <[hidden email]> On Behalf Of Marc Worrell
> Sent: Monday, March 9, 2020 3:58 AM
> To: Benoit Chesneau <[hidden email]>
> Cc: Erlang Questions <[hidden email]>
> Subject: Re: how to retrieve SSL certificate informations?
>
>
>
> Hi Benoît,
>
>
>
> If the below is what you are looking for, then I can also isolate it in a separate library app for inclusion in your projects.
>
>
>
> - Marc
>
>
>
> On 9 Mar 2020, at 07:25, Marc Worrell <[hidden email]> wrote:
>
>
>
> Hi Benoit,
>
>
>
> Maybe this helps:
>
>
>
> https://github.com/zotonic/zotonic/blob/master/apps/zotonic_core/src/support/z_ssl_certs.erl#L313
>
>
>
> Cheers, Marc
>
> Sent from my iPhone
>
>
>
> On 9 Mar 2020, at 00:34, Benoit Chesneau <[hidden email]> wrote:
>
> 
>
> How can I get informations about an SSL certificate ? Specifically I am looking for a way to retrieve the issuer, subject, and the  serial number of the certificate.
>
>
>
> The record I get from decoding using public_key functions is hard to parse so any help is welcome. Maybe there is already an api/app somewhere for it?
>
>
>
> Benoît
>
>
>
>
>
>

Reply | Threaded
Open this post in threaded view
|

Re: how to retrieve SSL certificate informations?

Benoit Chesneau-2
In reply to this post by Roger Lipscombe-2
Thanks with that an the snippet from Leonard and Marc I have all what I need I thin;k. I will try later today to mix that. One thing I am not sure to understand is how this certificate is created and how you did find the information about it. Is there any place I should read for it?


Benoit

On Mon, Mar 9, 2020 at 9:23 AM Roger Lipscombe <[hidden email]> wrote:
This is probably not complete (because we generate our own
certificates), but here's what we use:

-include_lib("public_key/include/public_key.hrl").

get_certificate_subject_cn(#'OTPCertificate'{tbsCertificate = OTPTBS}) ->
    get_certificate_subject_cn(OTPTBS);
get_certificate_subject_cn(#'OTPTBSCertificate'{subject = Subject}) ->
    get_cn(Subject).

get_cn({rdnSequence, Seq}) ->
    get_cn(Seq);
get_cn([]) ->
    undefined;
get_cn([[#'AttributeTypeAndValue'{type = ?'id-at-commonName',
                                  value = {utf8String, Value}}] | _]) ->
    Value;
get_cn([_|Rest]) ->
    get_cn(Rest).

get_serial_number(#'OTPCertificate'{tbsCertificate = OTPTBS}) ->
    get_serial_number(OTPTBS);
get_serial_number(#'OTPTBSCertificate'{serialNumber = SerialNumber}) ->
    SerialNumber.

On Sun, 8 Mar 2020 at 23:34, Benoit Chesneau <[hidden email]> wrote:
>
> How can I get informations about an SSL certificate ? Specifically I am looking for a way to retrieve the issuer, subject, and the  serial number of the certificate.
>
> The record I get from decoding using public_key functions is hard to parse so any help is welcome. Maybe there is already an api/app somewhere for it?
>
> Benoît
>
>
Reply | Threaded
Open this post in threaded view
|

Re: how to retrieve SSL certificate informations?

Benoit Chesneau-2
In reply to this post by Marc Worrell
pretty cool :) Thanks for it!

On Mon, Mar 9, 2020 at 5:35 PM Marc Worrell <[hidden email]> wrote:
As there is some interest in such a library I will start with splitting off code from the Zotonic code base into a separate application.

I can do that tomorrow.

Then we can start adding extra functionality afterwards.


Cheers, Marc


On 9 Mar 2020, at 17:32, Benoit Chesneau <[hidden email]> wrote:

I think a library that allows manipulation of certificate infos and their creation would make sense indeed.... I can see a lot of usage for it.

On Mon, Mar 9, 2020 at 1:25 PM Leonard B <[hidden email]> wrote:
Hi Benoit,

This may be helpful for pulling basic cert info

https://gist.github.com/leonardb/a4dc25651ba3682966bafe5c7d1f575c

Leonard

On Mon, Mar 9, 2020 at 8:16 AM Wolf, Dave <[hidden email]> wrote:
>
> Hi Marc,
>
>
>
> This is a very timely topic in a current project I’m working on at the moment.  We need to determine the expiration date of a certificate as well as generate a self-signed one, which I see this module does as well.  Could you please isolate it in a separate library so we can include it in our list of OSS components?
>
>
>
> Thanks!
>
> Dave
>
>
>
> From: erlang-questions <[hidden email]> On Behalf Of Marc Worrell
> Sent: Monday, March 9, 2020 3:58 AM
> To: Benoit Chesneau <[hidden email]>
> Cc: Erlang Questions <[hidden email]>
> Subject: Re: how to retrieve SSL certificate informations?
>
>
>
> Hi Benoît,
>
>
>
> If the below is what you are looking for, then I can also isolate it in a separate library app for inclusion in your projects.
>
>
>
> - Marc
>
>
>
> On 9 Mar 2020, at 07:25, Marc Worrell <[hidden email]> wrote:
>
>
>
> Hi Benoit,
>
>
>
> Maybe this helps:
>
>
>
> https://github.com/zotonic/zotonic/blob/master/apps/zotonic_core/src/support/z_ssl_certs.erl#L313
>
>
>
> Cheers, Marc
>
> Sent from my iPhone
>
>
>
> On 9 Mar 2020, at 00:34, Benoit Chesneau <[hidden email]> wrote:
>
> 
>
> How can I get informations about an SSL certificate ? Specifically I am looking for a way to retrieve the issuer, subject, and the  serial number of the certificate.
>
>
>
> The record I get from decoding using public_key functions is hard to parse so any help is welcome. Maybe there is already an api/app somewhere for it?
>
>
>
> Benoît
>
>
>
>
>
>

Reply | Threaded
Open this post in threaded view
|

Re: how to retrieve SSL certificate informations?

Marc Worrell
In reply to this post by Benoit Chesneau-2
We create the certs using two methods:

- self signed certificates (snake oil)
- Let’s Encrypt certificates

And of course we also use certificates we buy from various sources.

I can add the self-signed cert creation to the library.

- Marc


On 9 Mar 2020, at 17:35, Benoit Chesneau <[hidden email]> wrote:

Thanks with that an the snippet from Leonard and Marc I have all what I need I thin;k. I will try later today to mix that. One thing I am not sure to understand is how this certificate is created and how you did find the information about it. Is there any place I should read for it?


Benoit

On Mon, Mar 9, 2020 at 9:23 AM Roger Lipscombe <[hidden email]> wrote:
This is probably not complete (because we generate our own
certificates), but here's what we use:

-include_lib("public_key/include/public_key.hrl").

get_certificate_subject_cn(#'OTPCertificate'{tbsCertificate = OTPTBS}) ->
    get_certificate_subject_cn(OTPTBS);
get_certificate_subject_cn(#'OTPTBSCertificate'{subject = Subject}) ->
    get_cn(Subject).

get_cn({rdnSequence, Seq}) ->
    get_cn(Seq);
get_cn([]) ->
    undefined;
get_cn([[#'AttributeTypeAndValue'{type = ?'id-at-commonName',
                                  value = {utf8String, Value}}] | _]) ->
    Value;
get_cn([_|Rest]) ->
    get_cn(Rest).

get_serial_number(#'OTPCertificate'{tbsCertificate = OTPTBS}) ->
    get_serial_number(OTPTBS);
get_serial_number(#'OTPTBSCertificate'{serialNumber = SerialNumber}) ->
    SerialNumber.

On Sun, 8 Mar 2020 at 23:34, Benoit Chesneau <[hidden email]> wrote:
>
> How can I get informations about an SSL certificate ? Specifically I am looking for a way to retrieve the issuer, subject, and the  serial number of the certificate.
>
> The record I get from decoding using public_key functions is hard to parse so any help is welcome. Maybe there is already an api/app somewhere for it?
>
> Benoît
>
>

Reply | Threaded
Open this post in threaded view
|

Re: how to retrieve SSL certificate informations?

Benoit Chesneau-2
err I meant the OTPCertificate record. it seems to be defined during compilation. 

On Mon 9 Mar 2020 at 17:53 Marc Worrell <[hidden email]> wrote:
We create the certs using two methods:

- self signed certificates (snake oil)
- Let’s Encrypt certificates

And of course we also use certificates we buy from various sources.

I can add the self-signed cert creation to the library.

- Marc


On 9 Mar 2020, at 17:35, Benoit Chesneau <[hidden email]> wrote:

Thanks with that an the snippet from Leonard and Marc I have all what I need I thin;k. I will try later today to mix that. One thing I am not sure to understand is how this certificate is created and how you did find the information about it. Is there any place I should read for it?


Benoit

On Mon, Mar 9, 2020 at 9:23 AM Roger Lipscombe <[hidden email]> wrote:
This is probably not complete (because we generate our own
certificates), but here's what we use:

-include_lib("public_key/include/public_key.hrl").

get_certificate_subject_cn(#'OTPCertificate'{tbsCertificate = OTPTBS}) ->
    get_certificate_subject_cn(OTPTBS);
get_certificate_subject_cn(#'OTPTBSCertificate'{subject = Subject}) ->
    get_cn(Subject).

get_cn({rdnSequence, Seq}) ->
    get_cn(Seq);
get_cn([]) ->
    undefined;
get_cn([[#'AttributeTypeAndValue'{type = ?'id-at-commonName',
                                  value = {utf8String, Value}}] | _]) ->
    Value;
get_cn([_|Rest]) ->
    get_cn(Rest).

get_serial_number(#'OTPCertificate'{tbsCertificate = OTPTBS}) ->
    get_serial_number(OTPTBS);
get_serial_number(#'OTPTBSCertificate'{serialNumber = SerialNumber}) ->
    SerialNumber.

On Sun, 8 Mar 2020 at 23:34, Benoit Chesneau <[hidden email]> wrote:
>
> How can I get informations about an SSL certificate ? Specifically I am looking for a way to retrieve the issuer, subject, and the  serial number of the certificate.
>
> The record I get from decoding using public_key functions is hard to parse so any help is welcome. Maybe there is already an api/app somewhere for it?
>
> Benoît
>
>

--
Sent from my Mobile
Reply | Threaded
Open this post in threaded view
|

RE: how to retrieve SSL certificate informations?

Wolf, Dave
In reply to this post by Benoit Chesneau-2

Hi Marc,

 

Thanks for doing this; we appreciate your efforts!

 

Cheers,

Dave.

 

From: Benoit Chesneau <[hidden email]>
Sent: Monday, March 9, 2020 12:36 PM
To: Marc Worrell <[hidden email]>
Cc: Leonard B <[hidden email]>; Roger Lipscombe <[hidden email]>; Wolf, Dave (SI SSP R&D ATL) <[hidden email]>; Erlang Questions <[hidden email]>
Subject: Re: how to retrieve SSL certificate informations?

 

pretty cool :) Thanks for it!

 

On Mon, Mar 9, 2020 at 5:35 PM Marc Worrell <[hidden email]> wrote:

As there is some interest in such a library I will start with splitting off code from the Zotonic code base into a separate application.

 

I can do that tomorrow.

 

Then we can start adding extra functionality afterwards.

 

 

Cheers, Marc

 



On 9 Mar 2020, at 17:32, Benoit Chesneau <[hidden email]> wrote:

 

I think a library that allows manipulation of certificate infos and their creation would make sense indeed.... I can see a lot of usage for it.

 

On Mon, Mar 9, 2020 at 1:25 PM Leonard B <[hidden email]> wrote:

Hi Benoit,

This may be helpful for pulling basic cert info

https://gist.github.com/leonardb/a4dc25651ba3682966bafe5c7d1f575c

Leonard

On Mon, Mar 9, 2020 at 8:16 AM Wolf, Dave <[hidden email]> wrote:
>
> Hi Marc,
>
>
>
> This is a very timely topic in a current project I’m working on at the moment.  We need to determine the expiration date of a certificate as well as generate a self-signed one, which I see this module does as well.  Could you please isolate it in a separate library so we can include it in our list of OSS components?
>
>
>
> Thanks!
>
> Dave
>
>
>
> From: erlang-questions <[hidden email]> On Behalf Of Marc Worrell
> Sent: Monday, March 9, 2020 3:58 AM
> To: Benoit Chesneau <[hidden email]>
> Cc: Erlang Questions <[hidden email]>
> Subject: Re: how to retrieve SSL certificate informations?
>
>
>
> Hi Benoît,
>
>
>
> If the below is what you are looking for, then I can also isolate it in a separate library app for inclusion in your projects.
>
>
>
> - Marc
>
>
>
> On 9 Mar 2020, at 07:25, Marc Worrell <[hidden email]> wrote:
>
>
>
> Hi Benoit,
>
>
>
> Maybe this helps:
>
>
>
> https://github.com/zotonic/zotonic/blob/master/apps/zotonic_core/src/support/z_ssl_certs.erl#L313
>
>
>
> Cheers, Marc
>
> Sent from my iPhone
>
>
>
> On 9 Mar 2020, at 00:34, Benoit Chesneau <[hidden email]> wrote:
>
> 
>
> How can I get informations about an SSL certificate ? Specifically I am looking for a way to retrieve the issuer, subject, and the  serial number of the certificate.
>
>
>
> The record I get from decoding using public_key functions is hard to parse so any help is welcome. Maybe there is already an api/app somewhere for it?
>
>
>
> Benoît
>
>
>
>
>
>

 

Reply | Threaded
Open this post in threaded view
|

Re: how to retrieve SSL certificate informations?

Roger Lipscombe-2
In reply to this post by Benoit Chesneau-2
erlc knows how to compile .asn1 files:
https://erlang.org/doc/man/erlc.html#supported-compilers;
OTPCertificate is defined in lib/public_key/asn1/OTP-PKIX.asn1.

On Mon, 9 Mar 2020 at 17:36, Benoit Chesneau <[hidden email]> wrote:

>
> err I meant the OTPCertificate record. it seems to be defined during compilation.
>
> On Mon 9 Mar 2020 at 17:53 Marc Worrell <[hidden email]> wrote:
>>
>> We create the certs using two methods:
>>
>> - self signed certificates (snake oil)
>> - Let’s Encrypt certificates
>>
>> And of course we also use certificates we buy from various sources.
>>
>> I can add the self-signed cert creation to the library.
>>
>> - Marc
>>
>>
>> On 9 Mar 2020, at 17:35, Benoit Chesneau <[hidden email]> wrote:
>>
>> Thanks with that an the snippet from Leonard and Marc I have all what I need I thin;k. I will try later today to mix that. One thing I am not sure to understand is how this certificate is created and how you did find the information about it. Is there any place I should read for it?
>>
>>
>> Benoit
>>
>> On Mon, Mar 9, 2020 at 9:23 AM Roger Lipscombe <[hidden email]> wrote:
>>>
>>> This is probably not complete (because we generate our own
>>> certificates), but here's what we use:
>>>
>>> -include_lib("public_key/include/public_key.hrl").
>>>
>>> get_certificate_subject_cn(#'OTPCertificate'{tbsCertificate = OTPTBS}) ->
>>>     get_certificate_subject_cn(OTPTBS);
>>> get_certificate_subject_cn(#'OTPTBSCertificate'{subject = Subject}) ->
>>>     get_cn(Subject).
>>>
>>> get_cn({rdnSequence, Seq}) ->
>>>     get_cn(Seq);
>>> get_cn([]) ->
>>>     undefined;
>>> get_cn([[#'AttributeTypeAndValue'{type = ?'id-at-commonName',
>>>                                   value = {utf8String, Value}}] | _]) ->
>>>     Value;
>>> get_cn([_|Rest]) ->
>>>     get_cn(Rest).
>>>
>>> get_serial_number(#'OTPCertificate'{tbsCertificate = OTPTBS}) ->
>>>     get_serial_number(OTPTBS);
>>> get_serial_number(#'OTPTBSCertificate'{serialNumber = SerialNumber}) ->
>>>     SerialNumber.
>>>
>>> On Sun, 8 Mar 2020 at 23:34, Benoit Chesneau <[hidden email]> wrote:
>>> >
>>> > How can I get informations about an SSL certificate ? Specifically I am looking for a way to retrieve the issuer, subject, and the  serial number of the certificate.
>>> >
>>> > The record I get from decoding using public_key functions is hard to parse so any help is welcome. Maybe there is already an api/app somewhere for it?
>>> >
>>> > Benoît
>>> >
>>> >
>>
>>
> --
> Sent from my Mobile
Reply | Threaded
Open this post in threaded view
|

Re: how to retrieve SSL certificate informations?

Ingela Andin
In reply to this post by Benoit Chesneau-2
Hi!

The public_key user's guide  https://erlang.org/doc/apps/public_key/users_guide.html describes the records returned form public_key functions to decode certificates and keys. 
If you want the issuer you can always use public_key:pkix_issuer(Cert:: der_cert() | #'OTPCertificate{}, self|other).  

You can also use the function public_key:test_data/1  to generate test certificates and keys for testing purposes. 

If you want to be able to implement a CA-authority I agree there is a need to extend public_key.  If you feel some
generally useful functions are missing from public_key PR are always welcome.

Regards Ingela Erlang/OTP team - Ericsson AB



Den mån 9 mars 2020 kl 00:34 skrev Benoit Chesneau <[hidden email]>:
How can I get informations about an SSL certificate ? Specifically I am looking for a way to retrieve the issuer, subject, and the  serial number of the certificate.

The record I get from decoding using public_key functions is hard to parse so any help is welcome. Maybe there is already an api/app somewhere for it?

Benoît


Reply | Threaded
Open this post in threaded view
|

Re: how to retrieve SSL certificate informations?

Marc Worrell
In reply to this post by Wolf, Dave
I have isolated and slightly reworked the SSL routines.
There is now a Hex package here:


Please add pull requests for any additional feature or cert decoding info!

Cheers, Marc


On 9 Mar 2020, at 18:44, Wolf, Dave <[hidden email]> wrote:

Hi Marc,
 
Thanks for doing this; we appreciate your efforts!
 
Cheers,
Dave.
 
From: Benoit Chesneau <[hidden email]> 
Sent: Monday, March 9, 2020 12:36 PM
To: Marc Worrell <[hidden email]>
Cc: Leonard B <[hidden email]>; Roger Lipscombe <[hidden email]>; Wolf, Dave (SI SSP R&D ATL) <[hidden email]>; Erlang Questions <[hidden email]>
Subject: Re: how to retrieve SSL certificate informations?
 
pretty cool :) Thanks for it!
 
On Mon, Mar 9, 2020 at 5:35 PM Marc Worrell <[hidden email]> wrote:
As there is some interest in such a library I will start with splitting off code from the Zotonic code base into a separate application.
 
I can do that tomorrow.
 
Then we can start adding extra functionality afterwards.
 
 
Cheers, Marc
 


On 9 Mar 2020, at 17:32, Benoit Chesneau <[hidden email]> wrote:
 
I think a library that allows manipulation of certificate infos and their creation would make sense indeed.... I can see a lot of usage for it.
 
On Mon, Mar 9, 2020 at 1:25 PM Leonard B <[hidden email]> wrote:
Hi Benoit,

This may be helpful for pulling basic cert info

https://gist.github.com/leonardb/a4dc25651ba3682966bafe5c7d1f575c

Leonard

On Mon, Mar 9, 2020 at 8:16 AM Wolf, Dave <[hidden email]> wrote:

>
> Hi Marc,
>
>
>
> This is a very timely topic in a current project I’m working on at the moment.  We need to determine the expiration date of a certificate as well as generate a self-signed one, which I see this module does as well.  Could you please isolate it in a separate library so we can include it in our list of OSS components?
>
>
>
> Thanks!
>
> Dave
>
>
>
> From: erlang-questions <[hidden email]> On Behalf Of Marc Worrell
> Sent: Monday, March 9, 2020 3:58 AM
> To: Benoit Chesneau <[hidden email]>
> Cc: Erlang Questions <[hidden email]>
> Subject: Re: how to retrieve SSL certificate informations?
>
>
>
> Hi Benoît,
>
>
>
> If the below is what you are looking for, then I can also isolate it in a separate library app for inclusion in your projects.
>
>
>
> - Marc
>
>
>
> On 9 Mar 2020, at 07:25, Marc Worrell <[hidden email]> wrote:
>
>
>
> Hi Benoit,
>
>
>
> Maybe this helps:
>
>
>
> https://github.com/zotonic/zotonic/blob/master/apps/zotonic_core/src/support/z_ssl_certs.erl#L313
>
>
>
> Cheers, Marc
>
> Sent from my iPhone
>
>
>
> On 9 Mar 2020, at 00:34, Benoit Chesneau <[hidden email]> wrote:
>
> 
>
> How can I get informations about an SSL certificate ? Specifically I am looking for a way to retrieve the issuer, subject, and the  serial number of the certificate.
>
>
>
> The record I get from decoding using public_key functions is hard to parse so any help is welcome. Maybe there is already an api/app somewhere for it?
>
>
>
> Benoît
>
>
>
>
>
>
Reply | Threaded
Open this post in threaded view
|

RE: how to retrieve SSL certificate informations?

Wolf, Dave

HI Marc,

 

I’d like to again express our thanks for taking the time to do this!

 

Cheers,

Dave.

 

From: Marc Worrell <[hidden email]>
Sent: Thursday, March 12, 2020 6:52 AM
To: Wolf, Dave (SI SSP R&D ATL) <[hidden email]>
Cc: Benoit Chesneau <[hidden email]>; Leonard B <[hidden email]>; Roger Lipscombe <[hidden email]>; Erlang Questions <[hidden email]>
Subject: Re: how to retrieve SSL certificate informations?

 

I have isolated and slightly reworked the SSL routines.

There is now a Hex package here:

 

 

Please add pull requests for any additional feature or cert decoding info!

 

Cheers, Marc

 



On 9 Mar 2020, at 18:44, Wolf, Dave <[hidden email]> wrote:

 

Hi Marc,

 

Thanks for doing this; we appreciate your efforts!

 

Cheers,

Dave.

 

From: Benoit Chesneau <[hidden email]> 
Sent: Monday, March 9, 2020 12:36 PM
To: Marc Worrell <[hidden email]>
Cc: Leonard B <[hidden email]>; Roger Lipscombe <[hidden email]>; Wolf, Dave (SI SSP R&D ATL) <[hidden email]>; Erlang Questions <[hidden email]>
Subject: Re: how to retrieve SSL certificate informations?

 

pretty cool :) Thanks for it!

 

On Mon, Mar 9, 2020 at 5:35 PM Marc Worrell <[hidden email]> wrote:

As there is some interest in such a library I will start with splitting off code from the Zotonic code base into a separate application.

 

I can do that tomorrow.

 

Then we can start adding extra functionality afterwards.

 

 

Cheers, Marc

 




On 9 Mar 2020, at 17:32, Benoit Chesneau <[hidden email]> wrote:

 

I think a library that allows manipulation of certificate infos and their creation would make sense indeed.... I can see a lot of usage for it.

 

On Mon, Mar 9, 2020 at 1:25 PM Leonard B <[hidden email]> wrote:

Hi Benoit,

This may be helpful for pulling basic cert info

https://gist.github.com/leonardb/a4dc25651ba3682966bafe5c7d1f575c

Leonard

On Mon, Mar 9, 2020 at 8:16 AM Wolf, Dave <[hidden email]> wrote:
>
> Hi Marc,
>
>
>
> This is a very timely topic in a current project I’m working on at the moment.  We need to determine the expiration date of a certificate as well as generate a self-signed one, which I see this module does as well.  Could you please isolate it in a separate library so we can include it in our list of OSS components?
>
>
>
> Thanks!
>
> Dave
>
>
>
> From: erlang-questions <[hidden email]> On Behalf Of Marc Worrell
> Sent: Monday, March 9, 2020 3:58 AM
> To: Benoit Chesneau <[hidden email]>
> Cc: Erlang Questions <[hidden email]>
> Subject: Re: how to retrieve SSL certificate informations?
>
>
>
> Hi Benoît,
>
>
>
> If the below is what you are looking for, then I can also isolate it in a separate library app for inclusion in your projects.
>
>
>
> - Marc
>
>
>
> On 9 Mar 2020, at 07:25, Marc Worrell <[hidden email]> wrote:
>
>
>
> Hi Benoit,
>
>
>
> Maybe this helps:
>
>
>
> https://github.com/zotonic/zotonic/blob/master/apps/zotonic_core/src/support/z_ssl_certs.erl#L313
>
>
>
> Cheers, Marc
>
> Sent from my iPhone
>
>
>
> On 9 Mar 2020, at 00:34, Benoit Chesneau <[hidden email]> wrote:
>
> 
>
> How can I get informations about an SSL certificate ? Specifically I am looking for a way to retrieve the issuer, subject, and the  serial number of the certificate.
>
>
>
> The record I get from decoding using public_key functions is hard to parse so any help is welcome. Maybe there is already an api/app somewhere for it?
>
>
>
> Benoît
>
>
>
>
>
>