λ J*_*kas 10
我不熟悉使用VBS和/或WMI进行此检查的方法,因为它可能是一个安全性,因为它可能会暴露私钥.但是,有一种方法可以利用普通的HTTPS连接来获取有关证书的公共信息.如果使用IE连接到任何安全的网站,则可以转到"文件"菜单并查看"属性",然后单击"证书"按钮.这显示了站点的公共证书信息对话框.您可以使用C#以编程方式获取此信息.
基本上,您需要做的是在端口443上打开与服务器的TCP连接,然后接收SSL数据.在此数据流中是有关证书的公共信息,您可以对其进行验证并从中提取所需的所有信息,包括到期日期.以下是一些示例代码:
static void Main(string[] args) {
foreach (string servername in args) {
Console.WriteLine("\n\nFetching SSL cert for {0}\n", servername);
TcpClient client = new TcpClient(servername, 443);
SslStream sslStream = new SslStream(client.GetStream(), false, callback, null);
try {
sslStream.AuthenticateAsClient(servername);
} catch (AuthenticationException ex) {
Console.WriteLine("Exception: {0}", ex.Message);
if (ex.InnerException != null) {
Console.WriteLine("Inner exception: {0}", ex.InnerException.Message);
}
Console.WriteLine("Authentication failed - closing the connection.");
}
client.Close();
}
}
以及处理证书信息的回调代码:
static RemoteCertificateValidationCallback callback = delegate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors sslError) {
X509Certificate2 x509 = new X509Certificate2(cert);
// Print to console information contained in the certificate.
Console.WriteLine("Subject: {0}", x509.Subject);
Console.WriteLine("Issuer: {0}", x509.Issuer);
Console.WriteLine("Version: {0}", x509.Version);
Console.WriteLine("Valid Date: {0}", x509.NotBefore);
Console.WriteLine("Expiry Date: {0}", x509.NotAfter);
Console.WriteLine("Thumbprint: {0}", x509.Thumbprint);
Console.WriteLine("Serial Number: {0}", x509.SerialNumber);
Console.WriteLine("Friendly Name: {0}", x509.PublicKey.Oid.FriendlyName);
Console.WriteLine("Public Key Format: {0}", x509.PublicKey.EncodedKeyValue.Format(true));
Console.WriteLine("Raw Data Length: {0}", x509.RawData.Length);
if (sslError != SslPolicyErrors.None) {
Console.WriteLine("Certificate error: " + sslError);
}
return false;
};
而且很酷的是,从技术上讲,这种方法应该适用于任何网络服务器......我只在IIS 6和7上进行了测试.
Jonas Gorauskas简化了解决方案:
public class SslCertificateExpirationChecker
{
public DateTime GetCertificateExpirationDate(string host, int port)
{
TcpClient client = new TcpClient(host, port);
X509Certificate2 x509 = null;
SslStream sslStream = new SslStream(client.GetStream(), false,
delegate(object sender, X509Certificate cert, X509Chain chain, SslPolicyErrors sslError)
{
x509 = new X509Certificate2(cert);
return true;
});
sslStream.AuthenticateAsClient(host);
client.Close();
return x509.NotAfter;
}
}
用法:
var expirationDate = checker.GetCertificateExpirationDate("www.mydomain.com", 443);
| 归档时间: |
|
| 查看次数: |
6543 次 |
| 最近记录: |